If so PIX is a hardware appliance with hardened unknown OS. Operates at L4 - basically wirespeed.
Raptor is application layer firewall running on NT - slow (more features like Proxy and other *rap) but NT riddled with holes. Application Layer firewalls will always be outperformed by a L4 appliance.
Application firewalls are slower, but they are more secure, since they can inspect at application level. Properly locked down, it's a safer bet -even on NT. That's why they cost so much. PIX is much faster, and it does a good enough job. You may want to look at where you are placing the firewall. If it is protecting the perimeter internet connection, then you would probably want to go w/ PIX, but if you are looking at protecting a sensitive LAN from the rest of the internal network, then a proxy/app. firewall is a good idea.
The PIX firewall is built from the ground up to be secure (i.e. it doesn't suffer from vulnerabilities inherent in a 3rd party operating system). With Symantec, everytime Windows or Solaris comes out with a new security patch you'll have to schedule downtime on your firewall to apply the patch. Also anytime you need to bounce your firewall it will require several minutes to shut down and come back up. Even though you will rarely need to, the PIX can be bounced in 15 seconds! In a production environment, this can be a lifesaver. If you need to move it, for example.
Another thing, I recently built a VPN between a PIX and a Symantec firewall. We had a router between the two boxes that was performing NAT. This was not a problem for the PIX VPN, but according to Symantec, it was a show stopper. We had to redesign our network and IP routing to accomodate the Symantec firewall.
Speaking of VPN, Symantec as of a month ago still did not have a VPN client for Windows XP, Cisco has had a VPN client available for XP since last year. And another thing, the Symantec VPN client crashed two Windows 2000 notebooks that we tried to install it on, so we switched to the Cisco VPN client and connected to our PIX instead (no problems on the same notebooks).
And lastly, in case it comes up, the PIX does have a GUI interface now that can be access via a web browser. Just in case it's the command line that is scaring your co-workers.
Good luck, I sincerely hope you get a PIX so you don't have to go through some of the headaches I have had with Symantec.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :