Smoothwall came through with a demo license for me in just a matter of minutes, and I spend a couple hours playing with it. It has a fairly complete web interface, but unfortunately even with all its fancy features I saw absolutely nothing that would allow me to operate it as a layer 2 firewall (bridging my static ip addresses into a dmz) nor does it have support for routing said static ip address without NAT. Given we have clients and servers on static IP addresses and a class C address block to boot, it seems a waste to have to static nat them all and deal with that complexity when a dual dmz solution with layer 2 support would take care of it. So it’s back to the drawing board.
Given none of the software firewall packages seem to support 4 or more interfaces well, nor do many support layer 2 firewalling, I’m looking at hardware solutions. Going with a hardware appliance type solution seems to open up the options significantly with respect to high availability, as well, which actually seems like a really intelligent thing to do since I really can’t afford for the system to be down as long as it would take to get a replacement.
Currently, my top pick seems to be the netscreen 25. It offers the features I need, and at a retail price around $2500 it seems like a solid deal.
Other units I’m looking at are the WatchGuard Firebox x750e and the sonicwall 2040 or 3060