I am not a security expert, although I have been always familiar with the terminology, despite the fact that I have never had the opportunity to work in so much depth in this field. To achieve my goal, I had to implement a firewall in my lab, like every enterprise company, then I started to look for an enterprise solution, but the price of most of them was too high for my requirements so eventually I found pfSense, an open free source solution which include almost of the features found in more expensive commercial firewalls.
It is based on FreeBSD, which as I’m told is one of the most secure OS, it is a good thing working in a platform to protect your network. A complete package system has also been included which allows further expansibility into the system. Packages like Snort, an IDS/IPS, Squid, a caching proxy and reverse proxy are just examples of the power that you can have in this small machine. I have mentioned Snort and Squid because I am using both of them, but you can find a pretty extensive list for different purposes.
In the official web site, you will find all the information to get started but the best thing is that you don’t need a super machine with a lot of resources, any thin client or an old computer will be able to handle the requirements. Sizing is based mainly on throughput and features.