a little bit late to suggest this as you already have a VPN solution in place, but Symantec Enterprise VPN 6.5 (which used to be Axent's Raptor/Power VPN) would be a good solution for this. Their VPN client (Raptor mobile) includes a personal firewall solution that can be centrally managed. link
-Dave
-Dave