Agreed with Sandeep and James. $200 to $500 is nothing. A Cisco ASA 5505 is a nice little firewall. Most good firewalls allow everything out and deny everything in as Sandeep mentions. So you have to open ports 443, 987 if you need SharePoint, etc. And, of course, 8080. The Cisco RV 042G is a little cheaper but is able to block IPv6 traffic.
Hardware firewalls not only block certain traffic they stealth your system by blocking certain ports. Just for fun, open port 3389, the number one port hackers look for and look at the logs James talks about. There could by thousands of attempts especially if you don't limit password attempts. At that point, it is only your username and password stopping the outside world from accessing your network. Since most people use admin as their username, then a brute force attack using a dictionary shouldn't take long. The reason not to use actual words as a password even if they are random.
So close port 3389 (which should be closed by default), make the username, cupcake, the the password "8gHy%$22}" with only three to five attempts, you should be all set.
I have an ASA 5505 and except for free firmware, I don't pay anything else annually. I think SonicWall is different. You pretty much have to have a firewall and with static IPs, they really aren't that hard to configure. Most, if not all, allow you to use a wizard. Then there is port forwarding, which is only difficult if you have nothing to forward.
I think the only thing is the terminology such as public and private side, default gateway, public default gateway, subnets, etc. All of this is in the long edition of the PDF manual. But, with the right IP and DNS addresses from your ISP, most techies on here should be able to log in and configure it.
