Migration from PIX to FWSM

Unanswered Question
Jan 30th, 2008
User Badges:

We are going to migrate all of our private (internal) DMZs from our PIX 525s to our FWSMs that are in our "core" 6509s. Has anyone done something similar to this? I would like to know if I can use CSM to help me convert the PIX config to the FWSM config, if possible.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ebreniz Tue, 02/05/2008 - 11:49
User Badges:
  • Silver, 250 points or more

It is quite straightforward as both platforms use a common CLI. Now there have been significant changes between 6.3 and 7.0 (FWSM 3.1 is based on PIX 7.0). What I'd do is take the PIX 6.3 config and load it onto a lab unit. Upgrade the lab unit to 7.0. Copy the new config (it will automatically adjust to the new 7.0 CLI). Go the FWSM and rebuild your interfaces manually (FWSM is all about VLANs while PIX/ASA refer to physical interfaces and subinterfaces). Once that's done, you'll be able to copy/paste a large part of the PIX config into the FWSM. Features such as VPN and IPS won't work on FWSM but the rest should be accepted

with no major issues.


Actions

This Discussion