Hardware/Firewall is nice, but not as flexible as you may want it to be further down the line. Great start, however, i would also add a file hasher to compare when an intrusion does occur, so then you will know what files they played with, etc......
Try as much as you can to make sure you can run the programs as non-administrative(almost impossible under windows, but try nonetheless).....
I believe with sygate you can specify which ports are open, etc.......

Have fun and play well........

once you feel comfortable, don't hesitate @ using a honeypot.