So for example, looking a the 200F (201F to be precise as the "1" denotes it comes with a hard drive for local storage for logs) as the bare minimum. Having so few VPN users pretty much negates that variable as a factor of having any real impact. If you look on the pdf product matrix @vdralio provided, the Threat Protection Throughput is rated at 3Gb. This 3Gb is rated as the appliance offering a mix of IPS, Application Control, Malware protection, web filtering. You will want to implement these (even though you said just web filtering) to get the most out of your appliance. One major performance aspect that the matrix does not cover is the performance/process hit the appliance will take doing Deep Packet Inspection with SSL as opposed to just certificate inspection. Deep Packet Inspection has the firewall decrypt those HTTPS sessions so that it can peer into that traffic (not just at the certificate level) so it can apply any relevant mitigations against (do I need to block it or not). This can wildly affect performance depending on how much gets decrypted, so I usually go off of the rule of 1/3....i.e... if I'm needing 1Gb of throughput and I'm doing deep packet inspection, my appliance better be rated at 3Gb or better. The 401E, 601E, and 601F would be the firewalls I'd gravitate more toward personally as this would give you some room to grow with ever increasing needs for more Internet bandwidth. You are at 1Gb now, but that might change in a year or two; might as well buffer your firewall some to handle that uptick if it happens as well. The reseller can help further narrow the model down between those, but I feel confident it will come between those I mention (with the disclaimer that based on the information you gave, these are generalities and having a sale engineer investigate further with you will give you and them a clearer picture of your needs).