Just read from a pretty reliable source that "...Positioning your firewall between an internal and external router provides little additional protection from attacks on either side, but it greatly reduces the amount of traffic the firewall must evaluate...". In the diagram that they provided, it was something like:

Unknown networks->Untrusted networks->External router->Firewall->Internal router

This kind of had me scratching my head as I thought it was standard practice that a firewall be placed between an external and internal reasons for the opposite reasons stated, to provide MORE protection from attacks on either side, because then what would be the point if it provides little additional protection?

On another note, I've designed my network from scratch but since I've never worked with VPN's, I'm not sure where to place them. I thought they were placed on the internal networks but it seems that its supposed to be placed in the DMZ. Just curious as to if that was correct and why.