What is the best practice, i.e., what rules do we apply to an external-facing FW? Also, should I have a switch for each interface? Also, do DMZ servers need a public IP, or is a private IP OK with NAT?
A dedicated switch for the DMZ is definitely recommended.
Approach security of your DMZ as a non-trusted zone, so only allow from the DMZ to a trusted zone (internal) what you explicitly define.
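An added example, not part of the original thread: a small first-match policy model with an implicit default deny, plus an audit that flags DMZ-to-internal allow rules that are not explicitly scoped. The zone names, the `Rule` fields and all addresses are hypothetical, constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    src: str       # CIDR, or "any"
    dst: str       # CIDR, or "any"
    port: object   # int, or "any"
    action: str    # "allow" or "deny"

def _in(net, ip):
    return net == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def evaluate(rules, src_zone, dst_zone, src_ip, dst_ip, port):
    """First match wins; traffic matching no rule is denied."""
    for r in rules:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and _in(r.src, src_ip) and _in(r.dst, dst_ip)
                and r.port in ("any", port)):
            return r.action
    return "deny"

def audit_dmz_to_internal(rules):
    """Return (rule, broad_fields) for DMZ->internal allows that use 'any'."""
    findings = []
    for r in rules:
        if (r.src_zone, r.dst_zone, r.action) == ("dmz", "internal", "allow"):
            broad = [f for f in ("src", "dst", "port") if getattr(r, f) == "any"]
            if broad:
                findings.append((r, broad))
    return findings

# Constructed sample policy; the last rule is the kind the audit should catch.
RULES = [
    Rule("external", "dmz", "any", "192.168.50.10/32", 443, "allow"),
    Rule("dmz", "internal", "192.168.50.10/32", "10.0.20.5/32", 5432, "allow"),
    Rule("dmz", "internal", "192.168.50.0/24", "any", "any", "allow"),
]

if __name__ == "__main__":
    for rule, fields in audit_dmz_to_internal(RULES):
        print("too broad:", rule, "wildcards in", fields)
```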