Since my Linux firewall PC just **bleep**ped out, I need a firewall. I lost the PC, I need to turn my spare Windows XP Pro SP3 system into a firewall. (I can't give up the services this PC supplies for me.)

I'm looking at ZoneAlarm, but I don't know which version. And I have some questions about some features that I can't figure out if ZA provides. I'm hoping that someone can read my list of requirements and tell me which version of ZA is the one for me (if any). I'm a long-time user of Check Point, Pix, Raptor, etc. I run some services, and do a lot of work out of my house, so I generally design my network and firewall like a small company. I'd run the full-blown Check Point if I could afford the license.

I connect this PC directly into the cable modem (Comcast). They provide an IP using DHCP, so the firewall must allow this and be able to configure itself with this IP.

Comcast likes to change the IP address occasionally, at any time - not just at boot. The firewall must be able to accept the middle-of-the-day DHCP traffic, change the IP, and continue functioning - without me rebooting the PC!

Behind this firewall I have 4 more PCs, a wireless router, and a printer. (So 6 IP addresses behind the firewall. I don't know if ZA is licensed by the number of IPs it's protecting. Is it?)

The firewall PC also runs an SMTP server and a Web server.

It would be nice, but not necessary, if the firewall software would run anti-spam on the email coming in.

It would be nice, but not necessary, if the firewall software would run anti-virus on the files requested by the PCs behind the firewall.

The firewall must support both inbound and outbound rules on all interfaces/networks individually. My Internet-facing rules will be very different from those facing my home network.

I need to set up permit rules using specific source IPs and destination ports. That is, I want to be able to VNC into the firewall from my work, and only from my work.

The firewall must do port-forwarding. I want to be able to VNC into my desktop that is behind the firewall. So if my work IP connects to the firewall on port 15900, the firewall must forward the traffic to my desktop on port 5900.

It would be nice, but not necessary, if I could load the software onto some of my other PCs - Vista 32-bit, Vista 64-bit, and the firewall itself running XP Pro 32-bit. I think that ZA Extreme will license for multiple PCs, but will it do multiple OSes with that 3-PC license?

It would be nice, but not necessary, if the firewall software allows for IP ranges to block source networks. That is, I want to deny and Since I have numerous blocks to define - entire countries - I do not want a thousand rules, so I want to be able to block them.

So, can ZA do all of the things I need?
Will it do some/all of the other things that I'd like?

Lastly, I notice that ZA extreme is licensed per PC per year. What does the yearly fee get me? Virus signatures? Smart Defense signatures? Anything else?

Many thanks in advance.

Operating System:Windows XP Pro