Well, as some know, I now work at a PC assembly plant. One of our cusotmers is SourceFire. They got a really cool unit called the Network Sensor. Its Snort on linux. But even better, they pump alot of cash into Snort. I have played around a tad and am really digging the units.
The suckers are REALLY simple. Plug it in, jack in (up to 3 IIRC) the networks that you want to filter, and power it on. It has a serial console port and does ssh.