Those of you who need to use either PPTP or IPsec based VPN tunnels to connect to another network won't be disappointed by the SOHO.  Contrary to what you may believe from reading the SOHO's product descriptions, you don't have to buy a $500 VPN upgrade to get VPN capability.   The SOHO handles VPN passthru for both unlimited PPTP and IPsec clients and will support a PPTP server as long as you establish the proper Public Server via the Access features (see this page for info on doing this).  Note that your clients will need to be running the appropriate VPN client software for this "free" VPN capability

So why would you want to spend $500?  The simple answer is that you need the VPN upgrade if:

• you want to establish IPsec based VPN connections from the WAN to machines on the LAN, i.e. allow remote users to securely access LAN clients via your IPsec server

• you want to establish a "box-to-box" VPN with another SonicWall product, to connect two offices, for example

• you don't want to run VPN client software on your clients, but want the SOHO to terminate the VPN "tunnel" from a remote VPN server instead.

If you want to do any of the above, you might be better off with the SOHO Telecommuter.  The Telecommuter has the SOHO's capabilities, plus the VPN "upgrade" built-in.  The trade-off is that is supports 5 vs. the SOHO's 10 users, but at an on-line price of $500, it's a much better deal than a $370 SOHO plus a $500 upgrade!  By the way the SonicWall VPN is compatible with IPsec VPNs like the Check Point Firewall-1, Cisco PIX, Nortel Contivity and Axent Raptor.

Remote users accessing your VPN enabled LAN will need VPN client software, which can be downloaded from the SonicWall site.

After wading through all the features, many of which are considered "Advanced" on other routers,  I thought "What could they possibly have on this 'Advanced' menu?"  Answer: Features that really are advanced, and probably beyond the scope of most small LAN users.  But read on and decide for yourself!

Proxy Relay
The first Advanced tab allows you to automatically send all HTTP requests to a Proxy server instead of directly to the Web, without having to change any LAN client browser settings!  Not really a small LAN feature, this allows web page requests to be filled by a local proxy server instead of going out over the web to fetch the page.  Done properly, this can conserve bandwidth (done badly, it really ticks off users).  The catch is that the proxy server must be located on the WAN side of the router.  If your ISP has one of these servers, you can experiment with enabling and disabling it to see if it really speeds web browsing, and not have to mess with changing anyone's browser settings.

Intranet
This feature allows you to use the SOHO to protect only some machines connected to it.  You can enter up to 64 IP address ranges and have those ranges be attached either the the SOHO's LAN or WAN port, or use the normal configuration of having the WAN link attached to the SOHO router.

I have to confess that I found this feature hard to follow and even this FAQ didn't help much, except to explain that most people probably wouldn't use this feature, and that you can't use this feature and NAT routing together.

Static Routing
Moving right along, we come to the third tab that allows you set static routes in cases where you use the SOHO on a LAN with other routers and want machines behind each router to find each other.  Note that the SOHO does not support any dynamic routing protocols such as RIP, since SonicWall feels that they are insecure (see this FAQ).

One-to-One NAT
Hidden deep in the bowels of the SOHO's menus is this neat little feature, usually found only on enterprise grade routers.  To use it, though, you'll need to have more than one IP address from your ISP.  If you do, then One-to-One NAT allows you to set up multiple Public Servers that can be assigned to different IP addresses.  See this example of three LAN based webservers assigned to three WAN IP addresses.

If your brain hurts, just hold on 'cuz we're coming into the home stretch!