I actually read this earlier this week but did not have a chance to comment. ComputerWorld had this article today that details that Cisco will stop selling its line of PIX firewalls on July 28th of this year.  I don't think this announcement came as a shock to anyone.  They had discontinued their VPN 3000 concentrators a year ago and it was only a matter of time that the PIX boxes went the same way. For me personally the PIX firewalls just seemed to always be there. Yes Checkpoint was the "cool" firewall when I first got into security, but PIX was from Cisco and it seemed like the cornerstone of their security business.  Their IDS was not so good for a long time.  Cisco's other security products were never considered back then (or now for that matter) to be best-of-breed, but PIX was a product that was not a bad product in its class.

What is more important though is what is taking the PIX place. It is the ASA line of UTMs.  This presents living proof that the market is moving away from stand alone appliances like firewalls and IPS and towards UTM type of devices that also offer anti-virus, antispam, etc.  I personally had perplexing experience this week on this very subject. One large analyst firm claims that by 2011, 50% of all network security will be spent on UTM.  Then in speaking to an analyst from an even larger analyst firm, he said their position is that UTM will never catch on in the enterprise.  Even if they buy a UTM box, they will not turn on the other features.  So ASA boxes will just be used for firewall and VPN and perhaps IPS. 

Here is the Shimel analysis for what it is worth. I think the larger analyst firm is wrong. I think they have only thought this half way through. I think what the facts are is that people buy the UTM for just one or two functions.  I think that is true for both the mid-market and the enterprise market.  What happens is after they buy the UTM and set up either the firewall or IPS or what have you, geek nature takes over.  They can't help themselves but to experiment and tinker and see what the other functions can do and how they work.  If these other functions work reasonably well without choking the box, they will slowly but surely use the other functions as well.  So before you know it, that UTM that you bought as a firewall is doing UTM duty.

Anyway, any of you PIX owners out there don't throw out the old boxes just yet, Cisco will support them until 2013.  In the meantime I am sure there will be no shortage of vendors looking to give you a deal to upgrade to the latest box. In the meantime if all you are interested in is a good firewall, don't pay anything.  Go to http://cobia.stillsecure.com and use our community sourced firewall for free and upgrade to UTM down the road.