[TriLUG] Slightly-OT: Firewalls

matt at noway2.thruhere.net matt at noway2.thruhere.net
Mon Apr 18 15:29:05 EDT 2011


I say slightly OT because it isn't necessarily, but could be, Linux based
and will be used in a Linux based network ....  I have been looking into
(small business grade) hardware firewalls for a while now and have been
seriously thinking of getting one.  Before I make any firm decisions, I
wanted to ask what experience the group has and for any recommendations
for or against.

The basic specs and wish list are:
1 - support for multiple public IP addresses (this puts it outside the
standard home grade)
1A - multiple servers have public IP addresses that would need to be
accounted for in either NAT or PAT* (see below).
2 - VPN for remote access
3 - throughput isn't terribly high (TWC business class)
4 - intrusion detection would be a plus, but isn't necessary at this level.
5 - Cost is a consideration (seem to range $250 - $500 in this end range).
6 - wireless is optional.  I would use wireless on one of the VLANs (my
private one), but can just as easily put a simple wireless router in too.

*Note on NAT - I was watching a YouTube video on the ASA 5505 and it
looks like you define two VLANs (one public, one private) and define ACL
rules between them, using the net masks to translate blocks of IPs and
then define the block gateways.  Before this, I wasn't even sure how this
would work.

I have been leaning towards a Cisco ASA 5505 series, but I seem to see a
lot of mention for Sonicwall.  I have also seen reviews that say stay away
from Sonicwall and go with Cisco.  From what I can tell the FortiGate
products seem to be well received, but a little more expensive.

I have considered getting a WRT54 series and putting dd-wrt on it, but I
would prefer something a little more "heavy duty" for this application.

Does anybody have a recommendation that they would be willing to share?



