Hi All, I am assessing a Watchguard Firebox II at present for our corporate firewall for a LAN of about 350 users, and I have an issue of how to protect the LAN when users VPN in from the internet. They currently have dynamic IP's, and accordingly I have to allow access to the firewall for basically anyone wanting access to the VPN server (built into this firewall). I see this as a risk, and would prefer to have static IP's for all our users and filter traffic accordingly, but this is not feasible as we will probably have staff using their own internet connections wishing to VPN in to the office. I don't think the Firebox provides a verification service that a user can firstly connect and authenticate against before they attempt to VPN in to our LAN. So how would people suggest I handle this scenario ? Thanks, Andy. __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]