I'm using Sygate Personal Firewall on a 2k3 server at the moment. You can apply exception rules per interface/protocol/direction/schedule/application. Quite comprehensive. Here's the rul summary it does:

Quote:
Rule Summary:
This rule will allow incoming traffic from IP address(es) 192.168.0.129 on TCP remote port(s) 389 to TCP local port(s) 389.
This rule will be applied to Realtek RTL8139 Family PCI Fast Ethernet NIC.
The rule will take effect beginning on the 18th of July at 12:15PM and last for 1 day, 1 hour and 3 minutes.
This traffic will be recorded in the 'Packet Log'.
The following applications will be affected in this rule: TCP/IP Services Application,SNMP Service,Domain Name System (DNS) Server.

It also keeps Security, Traffic, Packet and System logs. Occationally i'll see a report about some port scanning which was thwarted. I had some probs with zone alarm on XP, there was an issue with an update and stuff stopped working.
Sygate hasn't been a problem