How well do the lower end Cisco Pix Firewall boxes work? Would this be a better solution than a Watchdog Firewall? Yes I know the lower end Pix boxes cost $5,000+ but this is within reason for my purpose. It's not for a small home network.

Does anyone have any experience with this stuff?

I've worked on designs for many Pix boxes but not actual configs. We have a Pix at our office and most of our customer sites. Most net admins I've spoken/worked with swear by Pix boxes. Checkpoint seems to be just behind in technology but aggressive in pricing.

The 515 seems to be the sweetspot for small to medium enterprise size organizations. Comes in either a Restriced or unrestriced session flavor.

Restricted = 50,000 concurrent sessions
Unrestricted = 100,000 concurrent sessions

A session being an open browser window on your desktop. Each IE or whatever browser window you have open is equal to 1 session.

Checkpoint and other firewall companies have implemented good solutions but if you speak w/ almost any major vendor (including cisco's competitiors), they all use the PIX.

515 Datasheet:

http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pix51_ds.htm

Pix Whitepaper:

http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/tech/nat_wp.htm

Hope this helps

Pix firewalls are great. I dont care which end of the spectrum they are on, they work, and work outstanding.

Just stay away from those Raptor firewalls...