Firewall Wizards mailing list archives

Web-server to database-server


From: Bjørnar B. Larsen <bbl () avenir no>
Date: Fri, 7 Apr 2000 14:25:43 +0200

I'd like your opinions on the following:

A webserver (WS) is to be accessed over the internet; HTTP and HTTPS traffic
only. WS will access and update a database-server (DBS); database engine not
known at the present time. An internal server (IS) will gather database records
from DBS. No other traffic is going to be passed through the firewalls (DBS
can't initiate traffic anywhere, WS only to DBS, and IS only to DBS).

A. Given the opportunity to have two firewalls of a different kind (FWx and
FWy), what is the best setup? 

1.
        WS
        /
inet--FWx--FWy--IS
       \
       DBS

Break-in to DBS: WS--DBS or FWx--DBS
Break-in to IS: FWx--FWy--IS

2.
        WS 
        /
inet--FWx--FWy--IS
             \
             DBS

Break-in to DBS: WS--DBS but through two firewalls with different stateful
inspection/proxy capabilities
Break-in to IS: WS--DBS--FWy--IS or FWx--FWy--IS (or WS--FWy--IS, but that's
unlikely)

B. What firewalls/proxies would you suggest for FWa and FWb? 
C. Any thoughts on IDS (intrusion detection systems) in this environment?
D. Any suggestions or comments regarding database engines/interfaces,
web-servers, operating systems?
E. Any other aspects I should think of?

Thanks a lot in advance!

:) Bjørnar
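
The two setups from the post compared mechanically, as an added example that is not part of the original message: it computes which firewalls each permitted flow crosses and which firewalls stand between the internet and each back-end host. It assumes every link in the ASCII diagrams is a direct network segment and that only the firewalls forward traffic; the function names are hypothetical.

```python
from collections import deque

# Links read off the two ASCII diagrams in the post (node names as in the post).
TOPOLOGIES = {
    "setup 1": [("inet", "FWx"), ("FWx", "WS"), ("FWx", "DBS"),
                ("FWx", "FWy"), ("FWy", "IS")],
    "setup 2": [("inet", "FWx"), ("FWx", "WS"), ("FWx", "FWy"),
                ("FWy", "DBS"), ("FWy", "IS")],
}
FIREWALLS = {"FWx", "FWy"}
# Permitted flows as stated in the post: (initiator, responder).
PERMITTED = [("inet", "WS"), ("WS", "DBS"), ("IS", "DBS")]


def path(links, src, dst):
    """BFS over undirected links; only firewalls forward traffic (assumption)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    seen, queue = {src}, deque([[src]])
    while queue:
        hops = queue.popleft()
        if hops[-1] == dst:
            return hops
        for nxt in adj.get(hops[-1], []):
            if nxt not in seen and (nxt in FIREWALLS or nxt == dst):
                seen.add(nxt)
                queue.append(hops + [nxt])
    return None


def firewalls_crossed(links, src, dst):
    hops = path(links, src, dst)
    return [h for h in hops if h in FIREWALLS] if hops else None


def report():
    out = {}
    for name, links in TOPOLOGIES.items():
        flows = {f"{s}->{d}": firewalls_crossed(links, s, d) for s, d in PERMITTED}
        # Not a permitted flow: the firewalls separating the internet from each host.
        separation = {h: firewalls_crossed(links, "inet", h) for h in ("DBS", "IS")}
        out[name] = {"flows": flows, "inet_separation": separation}
    return out


if __name__ == "__main__":
    print(report())
```

In setup 1 the WS to DBS flow and the internet to DBS separation both depend on FWx alone; in setup 2 both cross FWx and FWy, while IS to DBS drops from two firewalls to one.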


