Ajay Sharma wrote on Wed, 09 Nov 2005 23:23:59 -0800: > Right now we're looking at some open-source stuff like pfsense, > m0n0wall, etc... But I'm totally open to an affordable commercial > firewall appliance. I suggest taking a look at the Snapgear devices, now bought by Cyberguard (-> www.snapgear.com). They deliver excellent value for the money. When I bought mine about three years ago or so it was the only device under $1000 where you could switch off NAT and enable transparent/bridged routing of public IP addresses. I don't know if it still is. They actively maintain the firmware (an embedded Linux version) and just delivered a completely rewritten interface, new kernel and much more functionality. The one thing from your list which is missing is traffic graphing, however, you can add this with ntop on one of your machines. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org