We are a small firm with 4 web servers and 5 other servers that are exposed to the outside.
We have only one physical network exposed to the outside; all the servers are running Windows 2K and Windows 2003 on an Ethernet network.
We don't need any VPN.
Can anyone suggest a good hardware firewall within the range of $2500?
At present we have a Cisco 2600 series router, and we need to have an automatic failover facility for these firewalls.
To serve this purpose we are ready to take 2 firewalls.
I have used Sonicwall's Pro series, which I liked, and some of the models fall into the price range you specify (you can get them outside that range also).
If you are only talking about 9 servers, you can get the Sonicwall SOHO series 10 for around 500 dollars and can upgrade for a larger amount of users. I use this now and have had it for about 3 years. No problems, and in my case I used the VPN option for a couple of years to connect with our offices in NY and we were constantly connected 24/7 with no problems.
For the price you've suggested, I would suggest something from Sonicwall as well, they get good reviews. You can probably pick up Sonicwall Plus for around $2000.. or maybe a Netscreen 10 for a bit higher... you won't need VPN support, so don't buy one of the higher models that includes it by default, it'll just waste your money. Though plan for the future.. you may want to implement a VPN later in which case you'd need to spend more money.
Why don't you consider an application level firewall?
You said you require redundancy? Consider this carefully... from a security point of view, installing two of the same type of firewall will give you no redundancy.. if an attacker takes out one box, the other box will be just as vulnerable...
If you're worried about failover due to overloading of the single firewall.. check the traffic rating, you'll probably find that a hardware appliance will comfortably handle most of what you throw at it (as long as you don't go writing pentagon.mil length rulesets).
You could also offload a little bit of processing to the border router.. just chuck out basic stuff like block private IPs coming in from the external interface and block source routing.. chucking those out at the gateway will ease up the firewall a bit (though I really doubt you'll notice any difference.. most of these boxes are very sturdy).
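
The border-router filtering suggested in the last reply, sketched for Cisco IOS as an added example that is not part of the original thread. The ACL name BORDER-IN and the interface Serial0/0 are assumptions; substitute the router's real Internet-facing interface.

```cisco
! Added example: BORDER-IN and Serial0/0 are assumed names, not from the thread.
!
! Global setting: discard packets that carry IP source-route options.
no ip source-route
!
! Inbound filter for the outside interface: drop packets whose source
! address is in a private (RFC 1918) range, since such packets should
! never arrive from the Internet. Everything else is passed on to the
! firewall, which keeps the real rule set.
ip access-list extended BORDER-IN
 deny   ip 10.0.0.0 0.255.255.255 any
 deny   ip 172.16.0.0 0.15.255.255 any
 deny   ip 192.168.0.0 0.0.255.255 any
 permit ip any any
!
! Apply the filter to traffic entering from the Internet side.
interface Serial0/0
 ip access-group BORDER-IN in
```

After applying it, `show access-lists BORDER-IN` lists per-entry match counters, which shows how much spoofed traffic the router is discarding before it reaches the firewall.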