If you want a simple packet filtering firewall then CentOS or one of the purpose built linux firewall distro's will suit you well. If you want more then just packet filtering, there are better options. You haven't mentioned what sort of business applications you are running. How vital to your business are those servers? Which ones are internet facing & what apps do you plan to run? Do you also plan to run the office's general internet connection through this same unit? The company I work for is in the process of replacing our aging PIX firewalls and one option we're testing, and are quite pleased with so far, is Astaro's Security Gateway products. They're linux based so use the iptables firewall but also offer more then just packet filtering. There is a cost, around $1500 for a 120, plus subscriptions for updating the signatures databases on the various filters. -- Drew "Nothing in life is to be feared. It is only to be understood." --Marie Curie