First of all, I am not a network administrator and security guru, just a small business owner with a distributed network who needs help in figuring out which devices to place where.

We are a micro company with 3 offices located in private homes: one in the UK and 2 in Florida, USA. We currently also have a hosted server at UKFast in the UK. We have subcontractors connecting to our WAN via VPN.

We currently have an expired SonicWALL TZ400 in the main home office in the US (US1) and an old Netgear router in the UK (UK1), with site-to-site VPN connectivity between US1 and UK1. The US2 office connects with the US1 office via client VPN.

Both the US1 and UK1 offices have a VMware ESXi host server, with the vSphere server managing the hosts located in the US1 office. Domain Controllers for Active Directory are located on both the US1 and UK1 host servers, with a completely separate DC and network for the servers hosted at UKFast. Production workloads exist on the US1 host and UKFast. I know having production workloads on VMware host servers sitting in our homes is not ideal; that is an entirely different topic and on the radar to address in the not too distant future.

We frequently connect with various different client VPNs using a variety of different VPN clients as made available by our customers while we work on software implementation projects. We often connect back to the home offices via client VPN while traveling.

All the offices are in private homes with static IP addresses. All the offices have some form of WiFi for both personal and business use.

I need assistance with selecting the right mix of products to support:

Site-to-Site VPN between the sites
- US1 <--> UK1
- UK1 <--> UKFast
- US1 <--> UKFast
- US2 <--> US1 (optional, can also use Client VPN)
- US2 <--> UKFast (optional)

Consider separation of company and private home networks

Advanced Security at Internet exposed nodes.