"Wrong!!!
Cisco ACLs will not provide you with Stateful Inspection firewalling. It will give you the ability to filter traffic, which is better than nothing, but I would not consider a Cisco router to be a replacement for a firewall.
I would agree with some of the previous posts that a PIX 501 is probably the way to go for the $$, but I think there is a much more user-friendly choice in a Checkpoint solution on an S-Box platform. (As the previous post states)
http://www.sofaware.com/"
If the guy sets up extended ACLs properly, then he would be able to properly filter untrusted addresses and specific protocols from getting to the server. That would be great protection at great cost; plus, with the investment in the router, it would provide for future growth of the network if future growth was implied later on. The guy could use some type of 3rd-party software for stateful inspection firewalling (unless running a Linux box with kernel 2.4, where it comes built in with the standard Linux firewalling features).
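The distinction argued over in this exchange, per-packet ACL filtering versus stateful inspection, shown as an added example that is not part of either post. It is a simplified model, not Cisco IOS or Linux firewall behaviour; the addresses, ports and packet trace are constructed.

```python
from collections import namedtuple

# Constructed packet model: direction, addresses, ports and TCP flags only.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

SERVER = "192.0.2.10"          # constructed address of the protected server
UNTRUSTED = {"203.0.113.66"}   # constructed "untrusted" source address

def stateless_acl(pkt):
    """Extended-ACL-style filtering: every packet is judged on its own
    header fields, with no memory of earlier packets."""
    if pkt.direction == "in":
        return (pkt.src not in UNTRUSTED
                and pkt.dst == SERVER and pkt.dport == 80)
    # Outbound: only replies from the server's web port may leave.
    return pkt.src == SERVER and pkt.sport == 80

class StatefulFilter:
    """Same address/protocol rules, plus a table of connections that were
    opened with a SYN; anything else must match an entry."""
    def __init__(self):
        self.table = set()

    def check(self, pkt):
        if not stateless_acl(pkt):
            return False
        if pkt.direction == "in":
            key = (pkt.src, pkt.sport)
            if pkt.flags == "S":       # new connection attempt creates state
                self.table.add(key)
                return True
        else:
            key = (pkt.dst, pkt.dport)
        return key in self.table       # mid-stream packets need existing state

TRACE = [  # constructed sample traffic
    Packet("in",  "198.51.100.7", 40000, SERVER, 80, "S"),    # handshake start
    Packet("out", SERVER, 80, "198.51.100.7", 40000, "SA"),   # server reply
    Packet("in",  "198.51.100.7", 40000, SERVER, 80, "A"),    # handshake end
    Packet("in",  "198.51.100.99", 41000, SERVER, 80, "A"),   # ACK, no handshake
    Packet("in",  "203.0.113.66", 5000, SERVER, 80, "S"),     # untrusted source
    Packet("in",  "198.51.100.7", 40001, SERVER, 22, "S"),    # protocol not allowed
]

def compare(trace):
    """Return (acl_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_acl(p), fw.check(p)) for p in trace]

if __name__ == "__main__":
    for p, (acl, fw) in zip(TRACE, compare(TRACE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] acl={acl} stateful={fw}")
```

Both filters agree on the untrusted address and the disallowed port; they differ only on the fourth packet, which matches the ACL's address and port rules but belongs to no connection the stateful filter has seen.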