[dav_y2k]

Hi all,
I need help concerning the following issues:
I have a VPN server running Windows Routing and Remote Access Service using PPTP. Users use Windows built-in VPN client to connect it from home. Remote site network also maintains a persistent VPN connection to this server. The traffic to this remote site network is also routed through server using permanent routes on client machine. There are some other routes too maintained on this machine.
I also have a Firewall server running Checkpoint Firewall 1 and maintain the zone separation between Intranet, DMZ and Internet. It also manages many IP mappings through persistent routes.
I have 2 options which are:
1) replace these two servers with a single hardware firewall appliance e.g Nokia IP260/265 or UTM-1.
OR
2) install Checkpoint firewall software on a new server (since the Windows hardware is a bit old) since we already have a valid Checkpoint firewall license till 2008.
We would also like to continue using Windows Active Directory to enable or disable VPN connections.
My questions are:
1) What would you advice as per the best options.
2) What are the licensing options
3) What are pros and cons of choosing these.
I wanted to choose the UTM but wasn’t sure about the licensing issues pertaining to the software. Any advice or link to a comprehensive details about each product’s performance issues will be very much appreciated.