Question : How do I create isolated networks in the same office

A client of mine is moving offices and merging with another department. I need to put them on the same network but isolate network traffice between the departments.

In summary this is the setup.

There will be 1 Internet connection that is protected by a watchguard Firebox. All departments will use this link. There is another link that goes to a datacentre through a fibre link (the datacentre is in the same building).

There are 10 workstations and 3 servers that are housed inside the network that also need to talk to the datacentre.

There are another 14 workstations that are not to have any access to the above machines or datacentre.

As well as this they have an exchange server and a file server that all machines need to have access to this.

I think setting up 2 VLAN's is the best way to separate the network and have the FS/Exchange server as members of both VLAN's.
It has been a long time since I setup a VLAN and would appreciate some help in coming up with a solution to solve this problem.
Also can you recommend the best switches to use.

Thanks

Answer : How do I create isolated networks in the same office

shared servers and internet path to be members of both VLANs...- those ports will configured as "trunk"
Other ports - VLAN1 VLAN2 according to their group.
I will never understand people using 192.168.x.x on production, it is ment to be use for home network.
It is more beneficiar to switch IP to 10.10.0.0/255.255.0.0 for example, use "logical " blocks  , and separations with VLAN's.
10.10.0.1-10.10.0.255 - office
10.10.1.1-10.10.1.255 - guests
10.10.2.1-10.10.2.255 - contractors
10.10.3.1-10.10.3.255 - VPN users
10.10.4.1-10.10.4.255 -  remote branch
 and so on.........in this case you have 65K adresses available to you.
This way much more easy meanage securty, and will make live easier too.