We are in the process of upgrading our network and due to the firewall being 100mbs/port, we are weighing our options. Our clients have an Excel add-in that uses webqueries to pull possiby large amounts of data (for those unfamiliar with webqueries, just think of a very large webpage - say at most 5000 rows and 30 columns of comma delimited data). Besides standard webpage requests we get, say at most, 300 of these high data requests a day.
Do we sacrifice security somewhat and buy one gigabit switch and put the database server and webservers in our trusted zone of our firewall? The thought being the the webservers will communicate directly to the database server (gigabit connection) before it has to go out through the firewall at 100mbs to the internet. Alternatively, we could put the webservers in the DMZ. but then they will be limited by the firewall since they will have to go down to 100mbs to communicate with the database server in the trusted zone. How much does this impact a large request since it still has to go back out through the firewall but then limited further by a 3mbs connection out to the internet?