I need a recommendation on a small network firewall.

Untangle is a very cost-effective, easy-to-use solution.

http://www.untangle.com/

It runs on any PC or cheap server hardware, or you can buy one of their appliances.

There are some decent firewall/routers with gigabit WAN ports, but they're either going to be expensive or lacking in features and performance. Have you considered connecting a cheap gigabit switch between the cable modem and the PIX? You can keep the PIX you already have since the switch will connect to the modem at 1000 mbps and the PIX at 100 mbps. That way, you don't turn the PIX into a paperweight, plus you won't have to setup the firewall rules again.

I DO AGREEE WITH EXPERT ThorinO
dont think only 10/100/1000 connectivity, also think about performance, secuirty, mangament and support. you can use sonicwall as complete solution.

@ArneLovius
The PIX "outside" port is 10/100 and the two will not negotiate a speed, SO ADDING 10/100/1000 will not resolve the issue.

@ Syed, I think you are mistaken.

If you put a 4 port 10/100/1000 switch between the PIX and the Cable Modem, the cable modem should  negotiate at 1000mb while the PIX should negotiate at 100mb, this should resolve the issue of the "broken" gigabit implementation on the Cable Modem as it will then be negotiating with the switch not the PIX

I agree that the best method would be something like the Sonicwall, but the customer is a manufacturing firm and cost is an issue in the present economy.  I looked at the Sonicwall before posting, but have never installed/configured that product.  I have always used PIX (no one ever got fired for recommending Cisco).

I am surprised I did not think of the switch solution, but I like it as a possible bandaid.  The one thing that makes me think it might work is that the Linksys I have in place right now is a 10/100 device.  (The Linksys is about 4 years old.)  It is able to negotiate with the Gb ports on the cable modem without a problem.  That makes me think that the PIX is simply one of those devices that want's things it's way and will not negotiate well.  

Therefore I am thinking that an inexpensive 10/100 switch (instead of the 10/100/1000 option) may be a "cheap" fix until business picks up.  This is worth a try (I think).  

I a wondering if Sved would comment on performance.  As far as security, and management, inserting a switch would allow us to utilize the existing PIX.  I understand that putting a switch between the cable modem and the PIX would constitute and additional "hop" (or maybe half a hop since no routing is actually taking place with a layer 2 switch).  I am wondering, however, if that would cause any noticable performance issues since the outside of the cable modem is only 6M.

Thanks for the comments thus far and I will appreciate any additional comments.

There will be a drop in performance which equates to the latency of the switch at forwarding L2 Ethernet frames, this is the same latency that you have on the LAN side.

This is unlikely to be noticeable to people behind the firewall :-)

sorry for miss-understabding, i was also thinking of having Gigabit connetion only. you are right ArneLovius.

I'll be able to try this solution the first of the week.

I've requested that this question be closed as follows:

Accepted answer: 500 points for ArneLovius's comment http:/Q_27193488.html#36179845

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

I would like to split the point between 36175385 and 36179845.  Both were good ideas.

I have no objection