You asked "Wouldn't AIX be a good OS choice for a Unix-based firewall?"
(This is one question out of a 3 paragraph note, but it caught my eye)
I have the misfortune to use AIX for a UNIX based firewall. But I won't
do so again. I keep running into flaws in networking and authentication
that drive me crazy. The AIX login.cfg auth1 and auth2 facilities look
like great stuff, but are broken in practice. This and other facilities
are poorly documented.
No, I don't think AIX is a good OS choice for a UNIX based firewall.
(Want to see my scars?)
(OK, my next generation will be BSDI, or Plan9 -- what about Amoeba?)