Recommendation that I use for both residential broadband and commercial customers that want an effective firewall and don't want to buy $$$ cisco pix's. Use an SMC7004abr, it is a 4 port 10/100 switch with NAT and DHCP built in. It also has a parallel port so that you can plug a printer into it and print to it from any machine in the network. It also has a serial port for an external modem for failover, broadband goes down it will automatically dialup if you have that kind of setup with your ISP. Cost is under $100. It has a wan port that you connect to the cable or dsl modem. I use these coming off cisco routers with fractional T up to dual T-1's and they work fine, the wan port is a 10mb port so unless you have full DS-3 or OC your not going to max that port out
I prefer the SMC over the the netgear and other consumer ones for it's features. Configuration takes about 5 minutes and you can lock it down tight. It has alot of nice features.
Comes in two models, 7004 and the 7008, the 7004 is small and has an external wall wart powersupply the 7008 is a rackmountable box with internal power supply. I have all my systems on UPS's so they are on 24/7, the 7008 I have now has been up for 9 months w/o a reboot, good warranty too, lifetime.
I do not recommend software firewalls, PERIOD, they are all crap. They pray on peoples paranoia and report BS and nonevent items to convince you that they are doing something. They are memory hogs, annoying as heck when trying to do updates and generally drive me nuts. I've had customers whose annoying little problems on their PC's mysteriously go away once sonicwall or zonealarm is removed.
Like I said above, I do alot of those SMC routers along with alot of external modems for the majority of customers who like me are limited to dialup accounts and they love them, specially the small business's. All you need is the router firewall, good av software and ad-aware for spyware cleaning and checking, you don't need anyting else.