FortiSwitch server-to-server traffic in the DMZ
Howdy,
I'm assisting with deployment of a web app running on two systems. A Windows box running IIS (with public IP mapped to a DMZ IP) is the front end to a MongoDB deployment on a Linux system. Originally the database was on an internal node and our admin noticed large bandwidth consumption in our firewall. I suggested moving the database to our DMZ and creating a VLAN for those two hosts. Our admin has said DMZ-only traffic (server to server in their own VLAN) will task our firewall. My understanding is it is possible to configure a separate VLAN that would keep most of that server-to-server traffic in the switch. Can someone comment 'generically' on traffic isolation so as to minimize firewall load? We are running FortiGate 6.2 in HA mode with all firewalls/switches brand new.
TIA, packetdropped