Depends what you want in terms of features, but here are a few.
High end: Checkpoint - either hardware appliance or can be installed on a virtual machine if you have spare blade servers lying around.
Positives - easy to administer, very good GUI, SmartView Tracker is a fantastic tool for debugging, software blades, application awareness, can be distributed (manager & fw)
Negatives - Licenses expensive, can be a pain to debug if you don't know Linux
Mid range - Juniper SSGs or SRX - Hardware only based appliance, a lot cheaper than Checkpoint - huge range from SSG5 to SSG550 to suit all business needs.
Positives - good web based GUI, cheap solution (can pick up an SSG20 for about £200), very solid platform, scalable & great vendor support
Negatives - Doesn't do much in the way of layer 7, CLI language is VERY bespoke at least on SSG (SRX platform is more like Cisco).
Low end - Cisco ASA 505 or Fortinet - Cheap solution can pick these up for about £300 - £400 new from vendor. Does what it says on the tin.
Positives - Cheap, well known and easy to deploy, a lot of documentation especially Cisco (if you have a problem someone else somewhere will have had the same).
Negatives - Not much functionality other than a basic Firewall and VPN solution, this does mean less stuff to go wrong but still... Not a massively great product.
All of the above are firewalls, all can route packets and will do the major routing protocols OSPF / RIP / EIGRP / BGP. All will give the ability to set up site-to-site and remote access VPN. Good solid products, I wouldn't use a router from personal experience.
Hope this helps.