I'm loooked at buying a sonicwall and considering either to TZ190 or the PRO 2040. The firewall must support 100 internal clients for light browsing over adsl and email. We also require VPN access for 20 remote users although only around 5 will require access at any one time. We need to be able to tie it into active directory to restrict user access to websites. Currently with have a active directory group called internetusers which will required internet access i.e port 80, 443 but no access over other ports. We would then like to be able to block all other users being able to access all site except for 5 sites that everyone requires access to which includes our couriers website. Also will need to give administrators access over all ports.

I would like to know if these 2 firewalls will do the job and also whether i need to pay for the enhanced version of the OS. I will also be purchasing the content filtering at a later date.

Ok...speculating on the AD tie in since I have not done it yet myself...I'm about to though, but I don't think the TZ models have a tie in to AD like the Pro series does. They might do something via radius maybe...don't know for sure, but I do know that the Pro series has a directory services connector you can download where the TZ line doesn't.

For 100 users I'd go with the Pro 2040, you might could even do the 1260, but looking at the throughput numbers when all security services (IPS, Anti-X, Content Filter) are running might be a little low for you. Also, I think Sonicwall has some Q2 promotion that will give you the Enhanced OS for free if purchasing the 1260, 2040, or 3060 series.

Hope I could help.
   

agree with cajuntank, compare the throughput specs between the models, check the VPN throughput differences. The Enhanced OS is nice but not absolutely necessary. The content filter is nice but expensive. If you go with the Pro 2040, find out when the model was released, Sonic likes to drop support for older models, forcing you to upgrade.
Frankly stated, Sonicwall makes a good firewall, but their marketing is deceptive

Fully understand as to what you get with a basic unit. Be aware of the yearly hardware support cost, which you need in case a unit dies and for firmware upgrades; you need to purchase support for as long as you have a unit. Fully understand what you get with the basic units, and what you need to purchase additional for your needs for each model your considering.
You need VPN or SSL for network access, going through port 3389 is not good. It will allow you to restrict web cruising to only sites which you allow, and your admins can have bypass the restrictions.
Your "normal" users won't be happy, but this is one way to keep malware/viruses out, and productivity high.
  

........................................
Chernobyl disaster..a must see pictorial
http://www.kiddofspeed.com/default.htm

What kind of bandwidth do you have on the WAN side of the firewall?  While a PRO2040 will support 100 users easily, if you've got all the bells and whistles turned on (IPS, anti-virus, content filter) you'll be lucky to support more than 6mbit even with the PRO2040--it just can't push data any fast than that.

Sonicwall's throughput numbers are not "deceptive," they're downright false.