I have an issue which i am trying to figure out we are a small company and we have some customer automated test equipment on site which they want to remotely manage. These testers are old they have to my knowledge no AV and some still run windows XP. We have our own testers which run windows 7 but no AV or Malware protection and they absolute do not go on the network. AV software interferes with the test software and windows updates are never done so not to change the config. What I am suggesting is dropping another internet line to the building having their firewall connected directly to their equipment its completely isolated from our network no problem. But I guess what they are suggesting is that if they put their firewall behind our directly connected to their testers if the firewall creates a site to site VPN would our network be isolated since everything is behind the VPN tunnel back to their location? Any guidance would be appreciated I am not a network engineer.