Originally posted here by NoTx
Will the 515 really accept (via hub) two seperate connections to the internet (seperate WAN connections)? As I have been told?
You can certainly connection multiple WAN connections with the use of a hub or switch, but the bigger question is how the Internet connections will be used. Are they both going to remain active simultaneously? If so, you will have trouble with routing because you have no way to distinguish one default routing path from another. The solution to this is to use BGP, but it doesn't sound to me like this is the case. If they are simply for redundancy purposes, you could certainly use weighted statics to get the job done. Also, if these are strictly for VPN connectivity, you should be OK as well.

As far as a recommendation, it really depends much on how much you plan on managing this firewall. If your config will be fairly static, I would suggest the PIX-515. However, if you plan on having complex policies or a very dynamic rulebase, the Checkpoint solution is definately the way to go. IMHO if you can afford it, Checkpoint is the better solution all-around because of some of it's optional features that can be expanded. Such as SecureClient for VPN's, which allows you to manage and enforce a personal FW policy on the remote users side. Checkpoint can definately get a little expensive though depending on the environment. The beauty of it is that CP runs very well on linux, so you have a very cheap hardware solution, and can just worry about the FW licensing.

CP licenses their software based on the number of protected hosts, or in other words the number of IP addresses on your network. If it is more than 250, I think you are forced to go with an unlimited license.

Good Luck!!