Upgrade of PDM version 2.0.2 to 3.04 & PIX 6.2.1 to 6.3.5

JORGE RODRIGUEZ · ‎02-06-2007

Hello, This question is for those who have done PIX code upgrades along with PDM upgrades on 515E's as I have a change control with a two hours maintanance window in the next four days in upgrading a set of failover pixes 16FLASH 64RAM . I want to cover every possible angle in this implementation so that I don't get cough in surprises or failures.

I picked the fastest process for the PIXes code upgrade as Follows:

1.Copy the PIX Firewall binary image (pixnnn.bin) to the root directory of the TFTP server.

2.Issue the copy tftp flash command in order to copy the new PIX image to the Primary PIX.-192.168.2.4

3.Issue the copy tftp flash command in order to copy the new PIX image to the Secondary PIX.-192.168.2.5

4.Power off both PIX devices.

5.Power on the Primary PIX.-192.168.2.4

6.Wait ten seconds. This ensures that the Primary PIX-192.168.2.4 becomes the Active PIX.

7.Power on the Secondary PIX-192.168.2.5. It comes up at Standby.

Both Pixes at this point are now upgraded and will be based on failover verification at the command line as well as verification of rules being converted to the new version. Now, my question is:

at this point I assume that the previous version 2.0.2 of PDM is gone, is this right ? or will PDM version 2.0.2 remain in flash and function with PIXCode 6.3.5, either or my next step in this implementation will be to upgrade PDM to version 3.04

with the same process done upgrading the PIXcode.. is this feasable ? or would I have to go through the bypassing the bootflash: to install the PDM.

could someone verify my process implementation.

Thanks

Jorge

Jorge Rodriguez

Fernando_Meza · ‎02-06-2007

HI ..

* I have found some documents mentioning that PDM 3.0 and higher needs PIX 6.3 and higher code

* Upgrade of Image and PDM are two separate procedures. Similar to each other though

I suggest

Backup configs and write down the activation key just in case.

1.- Copy the image to flash on Primary and Secondary

2.- Copy PDM to flash on Primary and Seconday

3.- Turn them off

4.- Turn the Primary on and confirm new image and PDM is OK

5.- Turn on the Secondary and confirm version, failover and PDM

* Below is the procedure for PDM upgrde

PIXFIREWALL(config)# copy tftp flash:pdm

Address or name of remote host [127.0.0.1] 192.168.1.2

Source file name [cdisk] pdm-301.bin

copying tftp://192.168.1.2/ pdm-301.bin to flash:pdm

[yes | no | again]y

I hope it helps .. please rate if it it does !!!

gagansethi · ‎02-06-2007

Hi,

As mentioned by fernando, ensure saving the serial number & activation key to a text file. If you need to revert back to an older version of code, you might need the original activation key. Use the show version command in order to save the serial number and activation key.

Also suggest reading the Release Notes for the version you plan to upgrade to so that you are aware of all new, changed, & deprecated commands.

Thanks

gagan

JORGE RODRIGUEZ · ‎02-07-2007

Fernando and Gagansethi, thanks very mych for your input on this one, good that you guys mentioned saving the activation keys, I did come accross of possibly having to input the activation-keys after PIX upgrades. Today I got of hold of an offline 506/32RAM-8flash pix found in one of the comm-rooms runing 6.2.1, this is my chance to simulate the upgrade.

Thanks

Jorge

Jorge Rodriguez