Best firewalls (hardware) (Read 6789 times)
jf38081
Best firewalls (hardware)
Feb 22nd, 2006 at 12:26pm
 
What do you think are the best small business firewalls?  (up to 100 employees)  I'm thinking of hardware (routers... etc) 

Currently we have the firebox soho6 (router/firewall), which seems good, but is proprietary, upgrades cost $ - the unit was around $300 when we purchased about 18 months ago. 

I've also used Linksys wrv54g and wrt54g.  I think these have pretty standard firewall features.  Any advantages to the more expensive units?

In fact, the DLink DI524 seems fine too.  Any disadvantage to going with a unit like this?  For the $$ it seems pretty hard to beat.

I haven't seen any real advantage to the soho6.  It has a maintenance feature that allows a vpn client.  That's about all I can think of.

Also, I've been hearing about the barracuda firewall.  From my reading, it sounds like something this advanced is mostly for companies that do hosting or have bigger networks than what I'm looking at.  What do you think?

Also, are there any stand alone firewalls (no router) worth mention?  Does that even exist?

Thanks in advance to anyone who contributes!
J
 
 

John.
Re: Best firewalls (hardware)
Reply #1 - Feb 22nd, 2006 at 1:12pm
 
There is an extensive article in the February 21, 2006 PC Magazine entitled "Protect Your Business" which discusses two hardware firewalls as well as other measures for small businesses.

http://www.pcmag.com/article2/0,1759,1916250,00.asp

 

Ghost4me  Ghost 9, 10, 12, 14, 15.  Windows XP, Vista, Windows 7
 
MrMagoo
Re: Best firewalls (hardware)
Reply #2 - Feb 22nd, 2006 at 2:11pm
 
The Cisco Pix is the industry leader, as Cisco tends to be.  The only disadvantage of the Cisco is that you have to learn how to configure it.  That's no big deal, though, because there are lots of Cisco certified people around.  If you want something scalable and secure, the Pix is what people in the profession drool over.

The SonicWall is another popular one.  I have no direct experience with it, so I can't tell you what the pros and cons are.

For my connection, I just installed OpenBSD on an old computer I had laying around and used the PF firewall daemon.  If you are willing to learn a little Unix, you can build it for the cost of a few network cards.  OpenBSD is the most secure operating system in the world, and PF is a professional grade firewall.  The thing is endlessly configurable and nearly unhackable.  Once you get it up and running, you could also run a dhcp server, dns, ftp, sendmail, or pretty much anything else you need on your network.
 
 
Rad
Re: Best firewalls (hardware)
Reply #3 - Feb 22nd, 2006 at 6:46pm
 
well, yeah, i've always heard the best firewall was an old throw-away pc, running some variant of linux or openbsd, with one of the open source firewalls available.

close as you can get to unhackable.

now that's a guide i think would be cool, but there's probably already one out there, no?
 
 
MrMagoo
Re: Best firewalls (hardware)
Reply #4 - Feb 23rd, 2006 at 12:25am
 
There is a great guide on how to install OpenBSD on the OpenBSD.org website.  I was able to get it installed in one evening with no prior Unix (and very little Linux) experience.  There is also a PF User's Guide in the FAQ on that site.  PF took me a little longer, but it's not hard.  I was just new to it.

I'd consider writing a guide, but don't think I'll be able to out-do the developers' version.  There is also a guide somewhere on how to create a firewall with OpenBSD and PF that doesn't use IP addresses.  It's even more secure that way and conserves your IP Addresses if you are worried about that.  I could dig it up if anyone is interested.

A guide I do plan to write is how to boot OpenBSD from a flash drive.  My firewall box is driveless.  The old hard drive that was in the computer was so noisy it was disrupting people.  So, I replaced it with a 512 MB USB thumb drive.  The computer was too old to boot off USB, so I had to make a custom kernel to put on a CD that would load USB support and then transfer control over to the USB drive.  It took some doing, but it works great now and the computer is nearly silent. 

If anyone is interested, I can put that guide into high gear.  I took good notes along the way, so it wouldn't take long to type up and throw up on a page on my site.
 
 
jf38081
Re: Best firewalls (hardware)
Reply #5 - Feb 23rd, 2006 at 7:54am
 
That's awesome.  I'd love to see how you did it.  Also the link to setting up a non-ip firewall.  Must be using mac addresses, right? 

Consensus seems to be that, on a budget, a linux/bsd solution running pf is the way to go.  If you have some money... go with the Cisco Pix. 

I do like the idea of having spam/viruses filtered at the firewall.  Can this be done with a linux/bsd solution?  I'd imagine that there would be some sort of subscription fee to do this...

Another question.  Is there a downside to the smaller inexpensive units like d-link and such?  I guess you get basic NAT features and not a lot else.
 
 

MrMagoo
Re: Best firewalls (hardware)
Reply #6 - Feb 23rd, 2006 at 8:27pm
 
The cheaper firewalls work ok, but they lack the features and configuration options of the better ones.  They are 100 times better than not having any protection, and you can get them up and running easily, but they don't scale well to bigger networks if your network ever grows.

Here is a guide to installing OpenBSD:
http://www.openbsd.org/faq/faq4.html

Here is the PF User's Guide:
http://www.openbsd.org/faq/pf/index.html

Here is a guide to setting up a firewall without IP Addresses:
http://ezine.daemonnews.org/200207/transpfobsd.html

And here is a guide to setting up a spam filter:
http://www.pingwales.co.uk/2005/06/10/Filtering-Spam-with-OpenBSD.html

There are lots of guides on these subjects, and each one does it slightly differently.  I'll try to work on my guide to booting from a flash drive this weekend.

If you decide to learn BSD (or any Linux/Unix OS), the man pages will be invaluable:
http://www.openbsd.org/cgi-bin/man.cgi
 
 
jf38081
Re: Best firewalls (hardware)
Reply #7 - Feb 24th, 2006 at 8:02pm
 
Awesome awesome stuff.  I especially like the stuff about spamd.  Do you know of anything like this for spyware/virus signatures?

I also liked your analysis of the smaller routers.  Simplistic and not very elegant, but it gets the job done.  Just like a frozen pizza.  It's a cheap one course meal.  But it's good.  In fact it's about 100 times better than nothing.

J
 
 
MrMagoo
Re: Best firewalls (hardware)
Reply #8 - Feb 25th, 2006 at 3:22pm
 
To filter for spyware and virus signatures you would need something more like a proxy server.  Unix has several proxy server programs.  I think the most popular one for OpenBSD is called squid.  I don't know how to get a proxy server to filter for malware, but I'm sure it can be done.  The only thing is I'm guessing it is going to use a lot of resources, so you might need a more powerful computer than you would need for just the firewall.

I did a quick Google search and found lots of utilities that will scan email going through the server.  I also found one that will do exactly what you want for all http and ftp traffic.  The only problem is that it is for FreeBSD and not OpenBSD.  They are similar (but not the same), so I'm sure there are utilities out there.

http://www.icewalkers.com/Linux/Software/523900/AVIRA-Antivirus-for-WebGate.html
 