Typically new kids who want one-box-do-it-all setup are asking for installing x-windows, game servers, p2p clients, compilers, etc on the production server/firewall. That is stupid. Firewall should have minimum visibility and default package selection mostly sufficient. Choose carefully any additional software for installation and use “tailored for SME” packages where possible. Start with stock options, after you learn of SME specifics and internal structure (after few reinstalls J) add one by one add-ons like System-monitor, Antivirus, Spam filters etc… Once achieved desired minimal usable configuration, declare it “production”, leave it alone and do further testing on separate internal test/development server.