A good idea for the SOHO market

The PIX 501 is the smallest model in Cisco's PIX line of firewalls. It's primary intent is for the SOHO market. While the PIX line is no longer being produced by Cisco, replaced with the ASA devices, the PIX 501 is still widely available. Google Checkout, for example, lists over 200 separate vendors who stock them.

The PIX 501 is intended for small office and branch offices that use broadband connections to connect back to their main offices. It can run up to PIX OS 6.3. PIX OS is Cisco's proprietary operating system for the PIX firewall line. It can be managed from the command line or the PDM (Pix Device Manager, Cisco's web-based application to manage this line of devices.) Like most Cisco devices, it has a console connection that uses an RJ-45 connector and connects to your computer's serial port.

The PIX 501 and 506E are the lower end of the PIX line. So, you may wonder, what's the difference? The PIX 501 is physically smaller. It sports a slower processor (133 mHz AMD), and less RAM (16MB). The 501 cannot be upgraded to the current version of PIX OS (7). However, PIX OS 6.3 is a good, stable OS in its own right, and it can meet the needs of most small businesses very easily. (A lot of people are sticking with Windows XP, after all.) If you're trying to obtain a CCNA and want a low-cost machine for your lab, this is one to keep in mind. It is extremely reliable and rarely crashes.

The 501 also has something the 506E sorely needed: a built-in switch! There is one external port, meant to be attached to your cable modem or DSL, and four internal ports. All of these are standard RJ-45 connectors. If you're setting up a very small network of two computers and perhaps a network printer or wireless access point, then the 501 is all you need. There is also an integrated security slot -- so that you can lock the 501 with a standard notebook lock so that it doesn't go walking. Considering the 501 could easily fit in a pocket, this isn't a bad idea at all.

The 501 offers quite a lot from the software end of things. It will serve as a DHCP server for your network and supports NAT and PAT. It supports IKE/IPSec VPN's, both remote access VPN's and site-to-site VPN's. For encrypting your VPN traffic, you have the choice of 56-bit DES, 168-bit 3DES, and 256-bit AES. VPN clients can be authenticated either locally on the PIX, or through a TACACS+ or the ubiquitous RADIUS server. It supports protocol-based inspection (allowing HTTP but not streaming video, for example, if you want to keep employees off YouTube.)

Does the PIX 501 have its weaknesses? Yes, it does. Its slow processor and memory are the biggest downfalls. A PIX 506E can be upgraded to PIX OS 7, if you are willing to erase everything else (the web-based PDM) and run straight off the command line. A PIX 501 cannot, and won't ever. 6.3 is as good as it gets. This isn't a big problem now, when the current PIX OS is only one version ahead, but it will only get worse with time.

Like any Cisco product, it will need a professional to come and and configure it for you. If you don't have technical staff, you're going to need a consultant. Once it's set up, it's definitely a 'set it and forget it' type of device -- you won't need to do much of anything for it. But when you do need changes made (if you want a VPN, or if you want to start allowing traffic from the Internet, say if you got your own mail server), you're going to need a pro.

All in all, though, the PIX 501 is a low-cost offering that has a lot to offer the small business owner.

Some stats for the 501:
• Dimensions (H x W x D): 1.0 x 6.25 x 5.5 in.
• Weight: 0.75 lb
• Processor: 133-MHz AMD SC520 Processor
• Random access memory: 16 MB of SDRAM
• Flash memory: 8 MB
• Cleartext throughput: Up to 60 Mbps
• Concurrent connections: 7,500
• 56-bit DES IPsec VPN throughput: Up to 6 Mbps
• 168-bit 3DES IPsec VPN throughput: Up to 3 Mbps
• 128-bit AES IPsec VPN throughput: Up to 4.5 Mbps
• Simultaneous VPN peers: 10*

Further information and stats on the PIX 501 can make the geekiest geek happy at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html