While I see people recommend NetScreen, I can not based on my experience with their techs, which includes level 2 techs.
While researching options for a firewall for a client, none of the techs at NetScreen that I talked to could answer a basic question: Does NetScreen firewall do stateful packet inspection? 5 different techs, including a senior lead tech, could not answer yes or no. (The fact that it does is not the point here, the knowledge by their techs is.) We have 9 Sonicwalls installed and am very happy with them. (Clients and in-house.) The comment about ISA server in a environment where security is at most, I would recommend a primary firewall, such as a Sonicwall, as the first line of defense, (with a DMZ behind that in Normal Mode,) then ISA server between the DMZ and the Internal LAN. ISA is an excellent product for integrating with a LAN. However, as someone else said, when it comes to security, there is on one end-all product. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com