SmoothWall, available in both commercial and open-source versions, offers a similar feature set to IPCop. M0n0wall is another open-source firewalling and routing alternative, based on FreeBSD and the stellar Packet Filter (pf) firewall. M0n0wall is designed to be booted from flash on commodity hardware, and boasts a completely PHP-based initial configuration – no command-line required. pfSense, also based on FreeBSD, is focused on non-embedded applications.
Any of these projects are more than capable of performing firewalling duties for a network of any size, assuming they’re running on suitable hardware. The configuration and management might be a little less straightforward than some commercial products (though in some cases, they can actually be simpler and easier), and support is generally found through discussion groups and FAQs rather than a phone call to the vendor. But these days, even most vendors try to push support requests through FAQs and support forums anyway, so it might be considered a tossup.
Finally, one of the more esoteric aspects of open-source routing is that it can be run within a virtual machine. Yep, even your routers can run on a hypervisor. While the only interfaces you can present to a VM router are Ethernet, that’s all you need to virtualize your VPN concentrator or to perform basic firewalling duties within a wholly virtualized infrastructure. At remote sites, if the Internet circuit handoff is Ethernet (as many are), then a virtualized open-source router can handle all the routing duties as well as VPN and firewalling tasks, all while sharing the same hardware that runs local server VMs. Essentially, you have a true office-in-a-box. All you need are the users.
When all is said and done, there’s little argument against using open-source routing and firewalling tools in most any network, as long as your admins are comfortable with the technology. We know that open-source routing and firewalling solutions can meet or exceed the performance and stability of their commercial counterparts; the proof has been in the proverbial pudding for many years now. Maybe it’s time to hand over yet another part of the infrastructure to the open-source rebels. After all, in for a penny, or in for a pound. It's good to have that choice.