After recently moving all our server infrastructure offsite, our firewall needs in our corporate office have been simplified: establish VPN tunnels to our datacenters, block all public incoming traffic, selectively block outgoing public traffic. Sin...