There are two ways to look at the Cisco SA 520 network security appliance. On one hand, it offers a solid array of features: 65Mbps IPSec VPN throughput, 100Mbps overall throughput, integrated firewall (limited to 100 rules), built-in filtering for common services like IM and P2P networking, SSL VPN, IPS, DDNS, and multi-WAN support. On the other hand, it has nearly no relation to the rest of Cisco's security solutions.
The Cisco SA 520 is physically similar to the old Cisco PIX 501, and it offers similar basic functionality. However, that's where the similarities stop: Whereas the PIX 501 ran PIXOS, the SA 520 runs a Linux-based operating system. Where the PIX 501 was as easy to manage as its bigger brothers, the SA 520 runs a completely different OS, has no console port, and no CLI. It's administered via a somewhat cranky Web-based UI.
From the perspective of a small business looking for a firewall that offers some relatively advanced features, the Cisco SA 520 is suitable. For a network professional looking for a small-site VPN endpoint device, the SA 520 is a mixed bag. It fits the bill in terms of capacity, features, and throughput, but from a management perspective, it promises headaches. Given that scenario, I'm going to address both viewpoints.
Cisco SA 520: Good for small business
The Cisco SA 520 ($419 street) provides a wealth of options as a small-business security appliance. There's a little of everything here, from basic firewalling tasks through SSL VPN features, including SSL VPN portal pages. On the back end, it will integrate with Active Directory or standard LDAP authentication services to allow users to to log into the VPN with their domain credentials.