Re: Routing through DMZ to internet

Topology settings are there to provide Anti-spoofing configuration. Spoofing is basically sending packets with fake source IPs, to try and get through the firewall. For instance, sending packets from the internet to your firewall, using some internal IP address of yours as source. This is prevented by setting up the interfaces correctly. What you need to set up there is which IPs are legitimate sources on each interface.

Normal configuration will be something like:

External interface to Internet: External

DMZ: Network defined...

Internal: Network defined, or if you have multiple internal networks, create them all, add them to a group and use the group here.

You should always have the "Perform check" tick as well. I'm fairly sure that on your DMZs it should be "Network defined" and your Internet interface will need to be External.
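The per-interface source check described in the post above, as an added example that is not part of the original post and is not the firewall vendor's code: a simplified Python model of anti-spoofing driven by topology. Interface names, addresses, and the dictionary layout (including the `check` key standing in for the "Perform check" tick) are constructed assumptions.

```python
import ipaddress

# Constructed topology: one entry per firewall interface.
TOPOLOGY = {
    "eth0": {"mode": "external"},                                   # Internet
    "eth1": {"mode": "defined", "networks": ["192.168.50.0/24"]},   # DMZ
    "eth2": {"mode": "defined",                                     # internal group
             "networks": ["10.1.0.0/16", "10.2.0.0/16"]},
}

def _nets(entry):
    """Networks defined behind an interface (empty for an external one)."""
    return [ipaddress.ip_network(n) for n in entry.get("networks", [])]

def source_allowed(topology, iface, src):
    """True if src is a legitimate source address for packets arriving on iface."""
    entry = topology[iface]
    if not entry.get("check", True):
        return True  # "Perform check" unticked: nothing is verified
    addr = ipaddress.ip_address(src)
    if entry["mode"] == "defined":
        # Only addresses from the networks behind this interface are valid.
        return any(addr in net for net in _nets(entry))
    # External: valid unless the address belongs behind another interface.
    return not any(
        addr in net
        for name, other in topology.items() if name != iface
        for net in _nets(other)
    )

def classify(topology, packets):
    """Label constructed (iface, src) pairs as accepted or dropped as spoofed."""
    return [
        (iface, src, "accept" if source_allowed(topology, iface, src)
         else "drop (spoofed)")
        for iface, src in packets
    ]

if __name__ == "__main__":
    # Constructed sample traffic; 203.0.113.7 is a documentation address.
    sample = [("eth0", "203.0.113.7"), ("eth0", "10.1.5.5"),
              ("eth1", "192.168.50.10"), ("eth1", "10.1.5.5"),
              ("eth2", "10.2.3.4")]
    for row in classify(TOPOLOGY, sample):
        print(*row)
```

The second sample packet is the case from the post: an internal source address arriving on the Internet-facing interface, which the model drops.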