I'm setting up/fixing a network that includes DNS and domain controllers, AD, SQL Server database servers, STMP, and IIS services. My understanding is that one right way to do this is to put the Domain Controllers and database servers behind a hardware firewall and have their communications limited to a local subnet and/or trusted IPs. The load-balanced IIS gear will be exposed to the Internet.
I need three recommendations for hardware firewall products that will work for these needs, with an emphasis on a) doing what I need them to do and b) not being a total pain to work with. I'd like to hear:
a) the el-cheapo option. What's the cheapest reasonable solution?
b) a decent midrange solution
c) the "correct" device for my needs
If you can explain briefly why you prefer one thing or another, that would be great. Thanks.