Network reconfig advice needed

[bwanaaa]

currently using verizon fios with the router they supply-a rebranded actiontec- MI424-WR. i run one of its lan ports to a 24 port HP gigabit switch that serves the house. two access points are also connected to the switch. Everything is fine and all my ports on the actiontec are closed and it does the usual nat. But i need to open a port to the outside world so i can access one of the servers on the lan. Because i am paranoid about this, i want to put the server connected to the actiontec and put another firewall between the actiontec and the big HP switch that serves the LAN. This way I can access the server from the pan and the outside world and not worry if the server gets compromised. Another benefit is that i could add a public wifi network to the actiontec by plugging another access point into it. This would not expose the pan either.

The only problem i foresee is that the lan will be 'double natted' - I was going to use an old net gear router as the 'firewall' in between the actiontec and the HPswitch. Topology is thus:
Actiontec------>Firewall------>HP switch->LAN
.....\.......\
......\.......\
.......\.......V
........V......Public Access Point
.......Server

An alternative to the net gear 318 I have is the sonic wall TZ 105 for the firewall but do not really want to pay an annual subscription fee for security. Would the appliance be sufficient?
Is there a different device for this topology that would be better considered?