Out of the listed devices on the page -- Sonicwall, Cisco, Watchguard, Netgear, Juniper, Checkpoint
-- do you have ANY direct experience with devices from those mfrs?
Secondly : what's the dollar figure of your budget? Off the top of my head, the low end for the above
vendors is going to be anywhere from several hundred to around $1000USD a pop. That does NOT
include for maintenance contract(s), spares, applicable client licence(s), etc.
Thirdly : any other requirements of the device? GigE interfaces? Throughput requirements? Needed
interfaces? Requirements for HA / backup connectivity?
Just my 00000010bits :
Sonicwall -- look into the TZ series, fairly affordable, GigE interfaces, can handle what speeds most
ISPs can handle, includes content filtering / AV / anti-X (added cost / subscription) and wireless.
Cisco -- look into an ASA 5505 or 5512X device, 5505 is somewhat dated while 5512X I haven't
seen pricing for yet. Definitely "big iron" but NOT for the faint of heart / non-Cisco types. Also
in my experience is the most restrictive from a features perspective.
Watchguard -- XTM 2 / 3 is the series to look at, fairly full featured but I don't have any direct
experience.
Netgear -- read the datasheets, I do not have any direct experience.
Juniper -- SSG / SRX series is on par, and oftentimes exceeds Cisco. Fairly intuitive GUI interface
for the basics, but the advanced stuff and remote management can be daunting. Again, not for the
faint of heart. If you could, get a bunch of SSG-5s and rig em up, and you'd be laughing (almost).
Checkpoint -- read the datasheets, I do not have any direct experience.
..and as I have an open mind, Zyxel USG series would be under the "affordable" and "GUI for ease of use" category.
Recommended you read
this thread for the paper specifications and pricing of the device.
From reading over the specs sheet, VPNTracker's just an IPSec-compatible VPN client for MacOS. All you need
is a device you're comfortable with, get a bunch of them, configure as needed, and ship out -- there's
no rocket science really. I'd just lab up one device and make sure it works before signing the big Purchase
Order.
Once you have the devices, shouldn't be that hard to set up a site-to-site VPN between the sites.
One gotcha about this -- are the sites on static IPs or dynamic? If they're dynamic, DDNS functionality
MAY be needed -- this is what I've heard, but I can't comment further as I don't have much direct experience
with site to site with a dynamic IP address.
said by gilbert_osm:- I need a software-based solution so that I can be fully mobile on my end. That is non-negotiable.
Have you ever heard of / tried Hamachi?
Regards