We use 2 Cisco PIX 501's in front of a couple of our web-servers up at a data-centre (two separate installations on different IP ranges).
Touch wood, they're fine, but if we had to replace them, what are our options for an equivalent replacement today? When we bought these I remember the spec saying they would comfortably support 10,000 simultaneous connections. Is the ASA5505 the equivalent today?
[edit] I'm not against other manufacturers - just that the pix is what we have and we know a CCNA(?), albeit certified in 2003, who configures and administers our pixes.
As a rule of thumb, Juniper firewalls tend to be cheaper for the same feature set. I don't have a lot of direct experience with them, though. If you stick with Cisco, then an ASA 5505 would be your best bet for replacement. As far as product line goes, the 5505 is the pix501 equivalent. However, the 5505 is actually closer to spec equivalent with the 515e. That is, the 5505 supports 150Mbps throughput as opposed to the 170(?) for the pix515e. Additionally, with the ‘Security Plus’ option the ASA supports more VLANs (with trunking), H/A, and a few more connections.
If you are comfortable with the PIX 501, take an ASA 5505. You will keep the same CLI interface. The ASA 5505 is around 2 times better than the PIX 501: you have a maximum number of connections of 10'000 (7500 on PIX 501) and a max. throughput of 150 mbps (60 on PIX 501). I would recommend that you check the CPU usage, number of connections and throughput of your current firewall to check whether a 5505 will be enough for long-term usage. If you are near the maximum capacity of the 501, you may want to take an ASA 5510.
I don't know Juniper firewalls, but Nokia are better/easier to use (from my point of view) when you have a lot of interfaces.
I have had a great experience with Netgate's M1n1wall and can highly recommend pfSense. The throughput is much better than the Pix's, and the reliability has been perfect. Not a single issue in about a year at my office, where we have a business connection and 5 static external IPs.
I still have a 10-license Pix 501 at home and keep running out of local-host licenses. With my kids having their own laptops now, cell phones connecting through Wifi, the TV on the Internet as well, a Popcorn Hour streaming box, a server, a NAS, and a desktop computer, I have to clear the local-hosts almost daily because I can't get an outbound connection. I am going to replace it with a M1n1wall this week and will include a wireless kit, so that I can throw out the Verizon router and my old Linksys AP. Imagine what good this will do to my electric bill as well.
I will miss the Pix command line interface. Having mastered it made me feel part of an exclusive club, but I also spent many hours troubleshooting. Thankfully, this will be a thing of the past, as the pfSense web interface is complete and easy to use.
Changing to Juniper or any other vendor will cost you more in total because of the hours spent, so my advice for you is to stay on Cisco products.
We have several ASA5505s spread out at remote offices; they have worked flawlessly and are providing excellent performance. Highly recommended (but don't forget the TAC agreement).
I would advise against Watchguard Edges. We went all out on them at our remote sites and either they have poor performance or our vendors have done a poor job on the setup. Seeing considerably slower connections afterwards as compared to the PIX501. A full Watchguard x5500e though is nice, and the GUI for regular tasks means we only occasionally need the network guy from our vendor for more complex tasks. We don't use some of the features but it does have the option for load balancing with two and for failover in the event of trouble.
If you don't mind OpenSource alternatives: http://www.vyatta.com/downloads/index.php
I really like the Fortinet line of firewalls/security devices.
http://davidhazar.blogspot.com/2009/10/why-cisco-fortinet-fortigate.html
I've been very impressed with the Juniper line of firewalls recently.
http://www.juniper.net/us/en/products-services/security/ssg-series/
Outstanding price, enterprise class features and performance.
BIG fan of Nokia firewalls myself, capable and secure.
Don't be afraid of considering alternatives. Vyatta http://www.vyatta.com/ or Juniper could deserve your time, both in terms of functionality and reliability.