I understand the rationale... if a web server is compromised he is trying to protect the SQL Servers, too. One of the things some folks do is make heavy use of IPSEC policies to limit a server's surface area. You can do that with your SQL Server, but I think the estimate is about a 20% hit in performance. If you've got Windows Server 2003 servers, there is a firewall capability already built-in. I'd look at leveraging both IPSEC and built-in firewalls before going to a software firewall. But either way you go, you're going to take a performance hit. I don't know the statistics on the software firewalls, but it can be more than you want to bear.
To be perfectly honest, if your network admin wants to go this route, I'd look at a hardware firewall. The low-end PIX firewalls are < $500. The new ASA firewalls from Cisco are supposed to be able to operate at layer 2, meaning no changes would be needed on the IP address side. A bit more expensive, yes, but a more optimal solution, especially if you have multiple SQL Servers you want to protect.
K. Brian Kelley