Looking at Watchguard, Sonicwall and maybe Zyxel hardware firewalls to fit this scenario.
We have 2 web servers to protect. There are no LAN users, no VPN needs, and traffic at peak times averages around 180kb / sec (even though we have a 10mb connection) - so low throughput.
My main need is a configurable firewall.
For example, server #1 uses 3 public IPs currently (LAN is a /28 of public IPs, WAN is a /30).
For IP #1 on Server #1, we block all non-US-based traffic, so my current rules start with a bunch of drops:
from: 22.214.171.124/8 to xxx.xxx.xxx.100 drop
from: 126.96.36.199/7 to xxx.xxx.xxx.100 drop
then let in my web traffic - from anywhere to port 80/443 allow to .100, .101, .102 etc.
Watchguard was helpful on the phone and recommended the X550e - around $1,100.00. Seemed a bit overkill as the specs on the smaller X10e seem to be sufficient.
Anyone familiar with these units? Any suggestions on what we might look at for a firewall?