Network Topology Question

["Brandon Hanks" <hanksbc () knology net>]

I was interested about everyone's ideas on the ideal network topology using Snort.  Also, the corresponding snort.conf 
file for each sensor.  Here is a look at my plan.

Internet ---> 4Port/Modem(Netopia) ---> Snort Box (2 NICS,Gateway/Router) ---> Firewall (3 NICS, Gateway/Router, DMZ) 
---> 4Port Hub(DMZ) ---> Snort Box
                                                                                                                        
                                                                                      ---> Web Server
                                                                                                                        
                                                                                      ---> Mail Server
                                                                                                                        
                                                                                      ---> FTP Server

Local workstations will be placed on separate network behind firewall.  The firewall uses a built-in IDS.  Does this 
network need an external and/or internal Snort box to filter potential security violations?  I've read where the amount 
of traffic workstation networks receive would create a bottleneck for that network.  These workstations will be used to 
surf Internet, send/receive email, and play online games.  I would greatly appreciate everyone's ideas about how to 
create a secure network infrastructure.  Thanks...