Yay, another chance to pimp pfSense, Snort, Squidguard, and Lightsquid running on a spare box in your network! You could also get other types of IPS/IDS (IBM Proventia, for example), but pfSense is free and will work exceptionally well for what you're trying to do. Try it today!
It's also a fun project to do to earn those golden overtime hours!
Calm seas never made a skilled mariner. But, sadly I'm an A's fan.