Hi Everyone,
The very first time I saw a Cisco Pix firewall was three days ago when my boss put one on my desk and asked me to upgrade it to 6.35.
I have managed to deduce that it is currently running version 4.4, I have configured an interface so that I can connect to tftp server but I can find no command to upload the new binary file. I would normally have expected a 'copy' command if this was a router. Can anyone point me in the right direction please?
Thanks, Danny...
How's your relationship with your boss? Because what you should do is tell him that the upgrade is more trouble than it is worth (or not possible at all) See below.
PIX Classic: cannot be done -- does not run PIX 6.x software PIX 10000: cannot be done -- does not run PIX 6.x software PIX 510: cannot be done -- does not run PIX 6.x software
PIX 501, 506, 506E, 515E, 525, 535: not possible, as they never ran 4.4 software.
PIX 520: requires flash memory upgrade to 16 Mb. Then see
- This device will likely require a new license key in order to be used for 5.1(2) or later. This license key would be free (provided it was still the same company that previously owned the device.)
- This device is End of Life, and all support contracts on it have been terminated. It is thus not acceptable to Cisco to upgrade it now to PIX 6.3 under the terms of any support contract. It is not acceptable to Cisco to upgrade it to any software version that you "happen to have lying around". The only acceptable upgrade, as far as I can tell, would be a one-time purchase of the 6.3 software release; I was recently informed that the list price for that is $US1000.
- PIX 6.3(5)112 is the last software release that will be supported on this device (unless there is another 6.3 bug fix release.)
PIX 515: Start the upgrade from monitor mode; see
- This model is still supportable, but PIX 4.4 was End of Life a long time ago, so the device must not be under software support at this time. It is not acceptable to Cisco to upgrade it to any software version that you "happen to have lying around". You could go the one-time license purchase route mentioned above. You -might- also be able to get a support contract on it even now, but cisco would probably require an "inspection fee" (several hundred dollars) if you tried to put it under one of the usual support contracts. There is a software support only contract that isn't particularily well known; the Cisco product codes for that start with SASU- . I don't know if Cisco would allow you to go directly to such a contract, or whether they would insist that you do a one-time upgrade purchase due to your version being so old. If you can manage to get into a CON- or SASU- contract without paying an inspection fee or one-time upgrade fee, then the cost to (legally) use the 6.3(5) software would probably be noticably lower.
- This device is supported in PIX 7.x provided that it is upgraded to sufficient RAM.
If the idea is just to give you practice with configuring a PIX, a PIX 501 or 506E would probably be less trouble and expense -- though neither will be supported in PIX 7.x. If studying forward for the Cisco PIX "family" is the idea, then consider a Cisco ASA 5505 or 5510: the ASA software has the same base as PIX 7.x but the ASA is newer, faster, less expensive, has more facilities...
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.