In choosing an all-in-one gateway, prospective buyers are urged to know in advance how many users the enterprise will support; if the gateway is deployed at a branch office or is deployed to protect the main enterprise network; the size, complexity, and nature of the network; and how many users and devices can be supported by the gateway concurrently. All-in-one gateways are getting better performance and abilities, but have been limited to networks in the small and midsize business market. Knowing the user base's needs will help in determining the number of virtual private network (VPN) tunnels needed, which will be higher for a company with a mobile sales force than for a company with an internal sales group. If the gateway has intrusion detection system (IDS) or intrusion prevention system (IPS) protection, it could be an inline device, in which case there must be available redundant power supplies, network interfaces, and other crucial components. In less complex environments, a basic set of firewall rules may suffice, but, where there are multiple Web-fronted applications, static routes for enterprise branch office connections, and some public Web servers, many more firewall rules are needed. In the latter case, the load on the firewall CPU will be much larger. An All-in-one gateway can be a hardworking security and access solution, but has to be matched to the needs of the organization if the implementation is to be effective.