Linux firewalls and security

I was curious what was the dominant thinking about security.

Here's my situation:

I have about a 100 servers coming up for a computational cluster. The
access required is mainly ssh and a couple of other services. We know
specific I/P addresses or domains that ought to be allowed access.

Either I can have a single firewall protecting them or firewalls that run
on each machine. I have always relied on the single firewall solution. But
that exposes one to te single-point-of-failure arguments.

What's the dominant thinking about this kind of security? If one has 100
identical machines is it better to secure one "access machine" or them

Of course, each machine has the usual secure passwords etc. but this
question is for precautions above that level.

Maybe this is too philosohpical and lacks a generic answer....