If you only have 2 PCs going thru the FW the NetScreen 100 is WAY overkill for you. Look at the NetScreen 5.... w/ a maintenance contract.....about 700 bucks. Gives you FW, VPN and traffic shaping all in the same box. This will support up to 10 users.

Look at http://www.netscreen.com/pub/matrix

Some specs for ya:

Users: Available for 10 users or unrestricted users
Performance: Advanced firewall policies and VPN encryption (IPSec) at up to 10 Mbps
VPN: 10 concurrent VPN tunnels, IPSec standard security, 56-bit DES, Triple-DES encryption, key management, manual and automated - IKE (ISAKMP), authentication: MD5, SHA-1

NetScreen has tested the NetScreen-5 with other vendors' VPNs for compatibility, enabling coexistence in a multivendor network.
  Checkpoint VPN-1 using IKE
  Raptor firewall using manual key

Firewall: Network address translation (NAT), transparent mode, stateful inspection, real time alarming, and logging. ICSA certified.
System Management: Web based configuration or multi-site management via CLI or NetScreen Global Manager
Traffic Shaping: Guaranteed bandwidth, maximum bandwidth, traffic prioritization
DHCP Server: Dynamic IP address assignment by NetScreen-5 DHCP server
DHCP or PPPoE Client: Request for IP address by client for class C network or request for IP address using Point to Point Protocol over Ethernet
Standards Supported: ARP, TCP/IP, UDP, ICMP, DHCP (server and client), HTTP, RADIUS, IPSec (IPESP), MD5, SHA-1, DES, Triple-DES, IKE (ISAKMP), TFTP (client), SNMP, NTP
Interface: Two 10 BaseT Ethernet ports (Trusted, Untrusted), RS-232 diagnostics port
Software Upgrades: Via web browser or TFTP server
Power: DC power, input 5V, power consumption 7.5W
Dimensions: 5 inches (L) x 6.2 inches (W) x 2.1 inches (H), weight: 1 lb.
Certification: FCC, UL, CE, CUL, ICSA
Environmental: Temperature: 40-105 degrees F, 5-40 degrees C, Humidity: 5-90%, non-condensing

Best,
Andy

"Jim" wrote in message news:39DE6B10.4B77FCC1@hotmail.com...
> Hi,
>
> I am setting up a small network of about 4 machines (all running
> Linux) to be co-located. I want to have a firewall between
> them and the internet; I am looking for a firewall with NAT and
> maybe VPN capabilities. Only two of the machines will be
> receiving and responding to requests from the Internet.
>
> I am planning on only opening port 80 on the firewall, maybe
> port 443 in the future.
>
> I've been looking at Cisco PIX, Sonicwall Pro, Netscreen 100.
>
> Our connection to the internet is on a Fast Ethernet connection to the backbone,
> but due to the nature of our web site, we will not in the near term come close
> to saturating the line (even temporarily), unless we have a few more racks
> full of web servers (not likely in the near term, and if/when we get that big,
> I won't be worrying about firewall costs so much).
>
> We would like to start off as inexpensive as possible. Are the firewalls
> above overkill for the type of throughput we are likely to have (maximum
> of 10Mb/s, initially probably more like 1Mb/s)? Would I be better off
> forgoing the VPN functionality and just using one of the floppy-based
> linux router/firewall setups drifting around on the Web? I like the idea of
> VPN as it means I don't have to open up a port on the firewall for
> maintaining the colocated machines. However, I have a static IP at home
> and could configure the firewall to only allow inbound traffic from my home
> ip address, which saves me a bundle of cash by not needing vpn.
>
> Or should I just be looking at a (nat-capable?) router and not a firewall
> appliance?
>
> I am using a Sonicwall soho at home; it's easy to configure and it has never
> been down since I installed it over a year ago, so I am biased towards sonicwall,
> notwithstanding the many posts of grief I've seen. It seems the PIX requires
> an NT box to configure (????), and netscreen is twice as dear as PIX.
>
> Any comments?
>
> -Jim