Although dozens of manufacturers now make hardware-based firewall appliances, many of the devices are aimed at small to midsize businesses. Such products offer simplicity and ease of deployment, rather than the advanced technology that enterprises need. Larger companies looking for scalable, highly configurable firewall appliances may want to turn to Cisco Systems, which is known for its reliable, feature-rich network gear. Several models in Cisco’s PIX line of hardware-based firewall devices are particularly well suited for the enterprise.

The PIX lineup
You can get a detailed comparison of the firewalls at the PIX Firewall Documentation page on Cisco’s Web site, but here’s an overview. Cisco’s lineup currently offers these five PIX models:

  • Cisco PIX 535 Firewall
    This is the largest of Cisco’s firewalls. It is intended for very large companies and network service providers.
    Throughput—1 Gbps
    Concurrent connections—
    Up to 500,000
    3DES VPN throughput—95 Mbps
    Interface support—Up to 10 10/100 Fast-E or 9-Gb Ethernet
    Street cost—About $45,000
  • Cisco PIX 525 Firewall
    This model is aimed at enterprise networks and smaller service providers.
    Throughput—360 Mbps
    Concurrent connections—
    Up to 280,000
    3DES VPN throughput—70 Mbps
    Interface support—Up to 8 10/100 Fast-E or 3-Gb Ethernet
    Street cost—About $14,000
  • Cisco PIX 515E Firewall
    This PIX firewall is intended for small to medium-size enterprises.
    Throughput—188 Mbps
    Concurrent connections—
    Up to 125,000
    3DES VPN throughput—63 Mbps
    Interface support—Up to 6 10/100 Fast-E
    Street cost—About $6,000
  • Cisco PIX 506E Firewall
    Cisco designed this PIX firewall for remote or branch offices.
    20 Mbps
    3DES VPN throughput—
    16 Mbps
    Interface support—2 10Base-T
    Street cost—About $1,300
  • Cisco PIX 501 Firewall
    Targeted toward small offices and home-based corporate workers, the 501 is the smallest of the Cisco PIX lineup.
    Throughput—10 Mbps
    3DES VPN throughput—
    3 Mbps
    Interface support—4-port Fast-E Switch and 1 10Base-T
    Street cost—About $500

Author’s note

The street cost given for each of the above routers is based on the highest model available. This is typically the “unrestricted” (thus, unlimited user) model. You may be able to purchase limited-user models for less money.

As you can see, prices range from $50,000 to $500, and targeted users range from service providers (such as America Online or AT&T) to home users. Some models have additional user licenses or features that can be purchased, such as support for failover or additional VPN users.

Here are some of the more impressive features of PIX firewalls:

  • They all run the same operating system and have the same user interface.
  • Most can support failover for redundancy.
  • All do stateful packet inspection.
  • The higher-end models can support Gigabit Ethernet interfaces.

To keep this roundup succinct, I won’t go in to all the security features, protocols, and standards supported by the PIX. What is important is that the Cisco PIX firewalls can support almost anything you would ever want from a firewall.

With the recent introduction of the PIX 501 router, Cisco can offer a low-priced (under $500) firewall solution. This option is great for home office workers and small businesses that couldn’t afford the previous offerings. In addition, the 501 runs the same PIX OS as the larger models. So if a business grows and needs to upgrade, it can stick with a familiar configuration and command-line interface.

Cisco’s PIX line offers rock-solid firewalls for every network, but they are especially suited to the enterprise. They offer a dependable, highly customizable solution for segmenting and protecting any portion of your network, as well as providing the standard firewall function of securely connecting your network to the public Internet.