[VPN] Recommendations

[Michael Ray]

On Thu, 8 Apr 2004 23:39:58 -0400, you wrote:

>I'm looking to setup a site-to-site VPN the replace a leased line used
>solely for AS/400 access. I have a couple questions as to what I should get.
>
>The main office consists of about 25 users with static SDSL. The remote
>office is about 5 users with dynamic ADSL.
>
>I've looked at the PIX-501, but I've always been a little scared of per-user
>licensing. If I purchased a 10-user PIX-501, and set it behind the SDSL at
>the main office, it would only allow 10 users to get Internet access?
>
>No matter what product I choose, would a site-to-site VPN work with a static
>address on one side and a dynamic on the other?
>
>Would any PIX handle PPPoE with a dynamically assigned IP?
>
>The company is cost-conscious, and I've looked at the PIX-506E, without the
>per-user licensing, but it is 50% more.
>
>Any comments or suggestions as to which products I should look at would be a
>great boon to me. I prefer Cisco products, because I am familiar with their
>interface, but am flexible.
>
>I would appreciate any help with this, I had Cisco certs back in the
>hey-day, but I worked with them so rarely that I let the certs expire.
>
>Paul
>

I would look at the Netscreen 5GT products (standard and extendend)
and Fortinet's Fortigate 50A or 60 depending on your needs. Both
companies offer antivirus, higher level content control on top of
firewalling, IDS, VPN and traffic shaping, etc. 

Netscreen's option is a bit more for the AV and Deep Inspection while
Fortinet includes them standard. They are both easy to administer and
will work with your static to dynamic VPN requirements.

As a side note. Forinet was founded by one of the original Netscreen
founders.

http://www.netscreen.com/products/at_a_glance/ds_5gt.jsp
http://www.fortinet.com/doc/FGT50A_100DS.pdf

Mike