I am trying to help out a side client who three small offices, and each office only has 3-9 employees. Currently, only his "main" office is the only office with a Windows domain controller server, and the other two office just use remote desktop (terminal server) to connect in. However, his main office has a residential grade D-Link router and has port 3389 open for the terminal server sessions. He recently got some sort of DBrute virus, which it seems uses port 3389. I want to put in new firewalls that connect each office with a hardware VPN. In my "real" job, we use a Sonicwall firewall, and since I am familiar with Sonicwall products, I am thinking of simply recommending that he purchase a Sonicwall TZ 200 for this main office with the server and two Sonicwall TZ 100 firewalls for his other two offices. Does this seem like a good option? The Sonicwall's aren't very cheap, but I assume they are decent products and will be somewhat similar to the older Sonicwall Pro2040 I manage at my real job. I assume both the TZ 100's can VPN to the 200 permanently?