What kind of architecture are you planning? Will this be a tri-homed firewall, or do you plan on two firewalls with the DMZ in the middle? Do you need failover capability? How secure does this need to be? What services will you allow in/out?
What kind of firewall do you plan on using? There are good firewalls based on Unix/Linux, Windows, and appliances. My personal prejudice for the most secure, configurable, and inexpensive firewall for the majority of needs is OpenBSD running pf. The disadvantage here is Unix user hostility. If you are using Linux, a good book to start with is the New Riders book on iptables. There are also many prepackaged firewalls out there, but most seem to be designed to protect your home network.
For external access by employees, I assume you are planning VPNs. They can be accommodated by a variety of platforms using RADIUS authentication from your Windows domain controllers.
Some of your description is confusing. Normally the term intranet is used to describe the company network behind the internal firewall, not the DMZ.
I agree with using Unix/Linux systems on the DMZ. Historically, this has been safer, although the facts may be changing now. Regardless of the OS, all bastion hosts and firewalls need to be hardened. Systems like the Cisco PIX come that way, which is part of the reason many people have trouble configuring them. There are several books on Linux hardening. If you need a reference on hardening Windows, check the NSA site.