I think they are all pretty good. I am using Sygate. I have been extremely happy with it. I have been very pleased with it. As far as I know, the firewall is basically how much you want to spend. A hardware firewall is much better from my understanding.
Jay Sudowski // Handy Networks LLC // Co-Founder & CTO AS30475 - Level(3), HE, Telia, XO and Cogent. Noction optimized network. Offering Dedicated Server and Colocation Hosting from our SSAE 16 SOC 2, Type 2 Certified Data Center. Current specials here. Check them out.
although it can be done, i would not put a firewall on a machine running anything but the firewall. this tutorial, Socket Pooling in Windows Server 2003, explains how to set up ISA server to run on the same server.
in the interim, Jay suggested a good solution using IPSec...but watch out that you don't lock yourself out like MaxKnight said. here is another link, with pictures , for Using IPSec to Lock Down a Server
the new version ISA2004 is expected to be released this summer. very big improvement over ISA2000.
interesting. thanks for the info. do you guys know if ISA2004 will work on the web server without issues? I am thinking I might just go with zonealarm for now. And I remember to configure the port for remote connectivity
ISA Server is actually an ALG (application layer gateway).
It provides application level proxying and security policies that go far beyond typical firewalls.
Although the term "firewall" is used, an ALG is a superset of a firewall.
However, because ISA Server and competing products are OS-based and use hard disks, many security pros recommend using regular firewalls (solid-state appliances) in-front of ALG's to handle the packet filtering and stateful inspection (often in hardware or ASICs) and let the ALG's deal with the app layers (SSL/VPN termination, SMTP, HTTP caching/reverse proxy, etc.) and soon SOAP and other "port 80" tunneling protocols.