Firewall recommendations?

[<rdusek () myway com>]

I am in charge of researching a firewall to replace what we currently 
have.  At my previous job I had used Microsoft ISA in a low-security 
environment, and was happy with its features, and its integration with 
the Windows environment there.  However, at my current job, security is a 
much greater concern, and I have to admit, I am somewhat uneasy running a 
Microsoft firewall product on top of a Microsoft OS. We also had 
investigated Checkpoint as well as Cisco Pix, and found that for our 
needs, the Pix at least seemed to need _many_ separate components for the 
same functionality. My question is what are your experiences with using 
ISA from a security standpoint? Usability issues? From the Mac end? Or 
would we be better off pursuing the Checkpoint or the Pix solution? We 
also plan on implementing VPN over whatever we choose, so if you 
recommend something other than these, it should support at least PPTP and 
perhaps eventually IPSec/L2TP.  We have also considered placing ISA 
behind a Linux (or BSD) IP Chains firewall and our perimeter network to 
block some of the traffic from getting to ISA. Any comments here? Thanks 
to everybody in advance!