What I have seen has been a seperate firewall for each vendor that
you deal with. Of course, this was at a company that had a bunch
of Sparc ELC and SLCs laying around which, had they not had a use
as firewalls, would have been employed as door stops. :-) These
particular models are Black & White and are somewhat limited in
how far the memory can be expanded (16MB for the SLC, somewhat
higher for the ELC) which was not too nice for running X-Windows, but
for a firewall that people telnet (at most) into is plenty of memory.
I don't know who's hardware you use, but if you have some machines
that are too old / slow / don't have enough features to drive the GUI
apps your users demand, I would employ them as firewalls to each
of your various vendors.