What server architecture is appropriate for a multiplayer online game

What you're looking for, re: justification for a three firewall architecture, sounds like a bit of a fantasy world that isn't going to map well onto reality. Unless you control all the applications, the harsh reality is that most application vendors are assuming unfiltered and unfettered access between the software components from each tier to the adjacent tier (and, possible, to the non-adjacent tier, too).

I've done some work in environments where management-mandated "security" by way of firewalling server computers away from the LAN and minimizing the number of exposed services was employed. It was a challenge every time any new software, hardware, or vendor became involved because all the "traditional" assumptions of unfettered end-to-end connectivity within the LAN were turned on ear. Implementing anything ended up costing more in such an environment.

My strategy and recommendation for limiting communication and exposure within a LAN has been as follows:

• Use access-control lists / firewall rules on internal routers / firewalls to "paint with a broad brush" and exclude types of traffic that are very apparently undesirable (access to the subnet / VLAN that the IP security cameras are attached to from anywhere but the VLAN where the video aggregation servers are installed, access to the Internet from a subnet where only internal-facing server computers are installed, etc).

• Enforce more specific access-control rules from firewall software running on the various server computers themselves (Windows Firewall, iptables). Ensure that servers have only the required software installed and running, and that only the desired services / daemons are listening for network traffic on only the desired interfaces. Common-sense approaches to change-control, password / SSO security, and keeping operating systems and applications updated rule the day here.

Firewalls allow you to quantify and arbitrate traffic flows. So-called "layer 7" firewalls stick their nose into the application-layer traffic (and even then, at some arbitrary layer of depth into that traffic) and can enforce even more specialized arbitration rules than "traditional" firewalls. Firewalls do not "provide security", though, and are only as effective as the humans designing the rule sets or monitoring the logs. Invariably, the more tightly constrained the rules are initially, the more compromises end up being made to make the applications work.

I'd be dubious of an effort to add firewalls to "add security", personally. I see increased maintenance cost for all applications on the network without any guarantee of a quantifiable improvement in the environment's resistance against attack or diminished risk profile.

While you might find someone who has created a conventions including color, you will not find it respected universally in IT. Block diagram design techniques are often shared but specific and consistent conventions will be unique to IT departments and individuals.

Of course, with specific types of diagrams such as circuit diagrams, you will encounter more rigid standards. This does not apply in IT.

There are conventions within types of diagrams but not to the level of detail you are requesting. If you want to explore types of diagrams, this Wikipedia article is a good start.

The IEC 61131 standard includes a specification for a Functional Block Diagram in the context of programming languages. Nevertheless, as detailed before, this will not be universal.

If you want examples of how other people diagram their infrastructure in IT, the Rate My Network Diagram Web site is a good start.