Not knowing exactly what firebox model you are using will make this answer more generic than specific to your needs. Your question leads me to believe you have only three interfaces, thus one for the external and two for the internals. I'll assume you want to keep costs down and provide maximum benefits.
Most typical firewall configurations of this type will use a router inside the firewall to connect several internal segments. Another solution may be a switch that will VLAN the segments, thus you could have all internal three segments connected to the router/switch, then into the Firebox. These devices could be configured with rules to allow/deny certain traffic/routing. The firewall rules would allow filtering of traffic into your system and the backend router/switch would allow routing of the traffic after the firewall.
Other considerations could be the use of NAT and static routes on the firewall. If I've understood your question, routers or switches may accomplish your task without the need to purchase or upgrade your current firewall. The router/switch doesn't need to be top of the line, but should have the ability to restrict traffic. Ensure all unnecessary services are disabled (Telnet, SNMP, FTP., etc.) and you configured the devices with secure passwords.
For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Infrastructure and Network Security
This was first published in February 2002