A Dedicated Firewall for a Small Town?
Germ-X asks: "My city's IT Manager is proposing a dedicated firewall system to protect the IT infrastructure. The solution, which is going to be presented to the City Council, is based on Windows 2003 and Symantec Enterprise Firewall. It will be running on an HP DL380 G4, and will cost the city about $13,000. Most of that amount will be going to software licenses. I don't know the features of Symantec Enterprise Firewall, I just think that the city could do much better going for an appliance kind of solution, even if they stay with Windows. What do you guys think? Any other ideas? Keep in mind that this is a small town and I don't think we can count on any big-time sysadmins, like most of yourselves, being on staff."
I'm appalled. You will firewall off an entire town and check every packet for viruses???
A few things why this is a terrible idea:
A single firewall like this will really make things slow.
You are playing big brother. Expect to be asked to block P2P and games even.
The performance will be terrible. VoIP will be unusable.
Cost will rise, it will not scale. Don't allow immigrants.
See, if you want to provide an Internet connection, just buy some fat Cisco or Juniper switches. Divide the bandwidth fairly at level 2 and leave it at that. Some will use VPN, some will use P2P software, others will just browse and email. Leave the computers in their own hands. Set up a service whereby you'd re-image their computers for free, but apart from that, let them be. OpenBSD is awesome for a company where everyone should be working and computers are all owned by the company (IT department responsible for fixups). A town sounds like a place where people live in their homes doing whatever they want to do.
You're not a part of the new homeland security, are you?
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky