I have a 10/100 network with 450 computers. Most business traffic is internal and would be on the same PIX interface. We have no need for external access to our webserver, but we do have quite a bit of surfing and some legitimate business traffic from the inside to the outside. I would like to deny traffic between four additional interfaces and the inside interface. Those other four interfaces will have a total of 100 computers doing pure IP to the outside, mostly http. I've got some Netware synchronzation and authentication going on with some outside boxes. I'll need some very limited outside to inside access. I'm thinking that a 515UR will more than suffice, but would like your opinions on judging the need for concurrent connections. Thanks!