Does anyone put a VPN in the internal network or does that become a security risk?

As for the "firewall in front", wouldnt a deep-packet inspection firewall add a lot of security?

I'm just trying to understand why the edge firewall wouldn't add any security benefits. I mean whats the weakness? Are there ways around it if going through the firewall is the only way into the internal network?