And it is also advisable when using a multi-tiered hardware/appliance firewall architecture, that you try and mix up the type of firewall you have. (ie. Checkpoint, SideWinder etc...).

The reason being if you have a 2 tier architecture with the same firewalls on each tier, and the internet facing firewall has been compromised due to a vulnerability, chances are the 2nd tier will be susceptible to the same attack.