[ale] VPN choices...

[Jonathan Rickman]

> I'm not sure how you seperate VPN "access point" from firewall, but then I'm a
> programmer not a network guy.  Currently, DMZ not required but I have heard
> that we may begin hosting our own public server(s), so DMZ support would
> probably be good.

The Checkpoint appliance I linked to earlier has DMZ support. With the
Cisco gear you have to step up to the 515 ($$$) to get a dedicated
port. The good news is that Cisco gear is plentiful on the used
market. Assuming the Linux users are reasonably tech savvy,
configuration will not be terribly difficult for either. FreeSWAN
works well with the PIX. On the checkpoint side, native clients are
available for MS and Apple, but the Native Linux client is fairly
outdated (by Linux standards) so it can be a little tricky to set up.
The Checkpoint is probably a better solution from a pure
administration perspective, other than the linux clients. I'd play
with something like smoothwall before making any recommendations to
your IT guy. Smoothwall is very nice, and is getting better and
better. Sounds like it would work nicely for you.

--
Jonathan