PIX 515 4.4(5) Upgradeable?

Unanswered Question
Jul 10th, 2008
User Badges:

I am in a job where expansion has happened quickly, and we are in the process of upgrading our network, and with time constraints etc we are forced to use internal heads to figure things out.


We know we have to upgrade our internal equipment and one thing is a firewall. Now our intentions are to create a position to take on this responsibility, but in the meantime I just (cause I got appointed to the position) want to understand the workings of a PIX firewall, so I picked up a "testing" one on eBay, and am wondering, after a bit of research...


1) Can this be upgraded to new firmware/software.. it has 32mb in it, its restricted.


2) I notice that all the downloads for firmware are username/password secured, am I just having difficulty logging in (cause it always says "Log In" at the top of the page), or is some kind of membership/service contract required?


Again, this is not being put into production, it was more to jsut familiarize myself with the appliance, so we dint look like a deer in headlights when we bring our new person in.


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
JORGE RODRIGUEZ Thu, 07/10/2008 - 08:24
User Badges:
  • Green, 3000 points or more

William,


Short answer to your questions is yes it can be upgraded, the running version 4.x is an old code,you should be able to at least upgrade to the 6.3 train to then upgrade to 7.X or above but there are certain hardware memroy requirements for upgrades you have to meet, look into the release notes for requirements information when upgrading code.


PIX Software release notes

http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_notes_list.html


Upgrading notes from 6.2-6.3 to 7.0

http://www.cisco.com/en/US/docs/security/asa/asa70/pix_upgrade/upgrade/guide/pixupgrd.html#wp1032415


You will need some type of service contract in order to obtain CCO access Software updates in addition to TAC support services and hardware replacements, see bellow links for fruther information on smartnet services and cisco partner locator. Cisco partners should be able to answer all questions in details when you speak to them about type of sevices options.



About Smartnet Services

http://www.cisco.com/en/US/products/ps8319/serv_group_home.html


Cisco Partner Locator

http://tools.cisco.com/WWChannels/LOCATR/openBasicSearch.do



Additionally you may also want to look into PIX platform life cycle as these models have reached end of life. Even though are still used out there it is good to understand and be aware of end support dates on them, you may find yourself that is probably best to buy the next generation of Cisco Firewalls ASA5500 series, for the PIX515 models the replacement would be the ASA5510 model.


http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/end_of_life_notice_for_cisco_pix_sec_app_sw_licenses.html



ASA5500 Series comparison New Generation of Cisco Firewalls)

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html



HTH

Jorge

Chloraseptic Mon, 07/14/2008 - 07:37
User Badges:

Thanks for the detailed response.


Maybe Im a little slow, but I cannot find a direct way to buy a CCO (service contract)?


Ive looked and looked and cannot find a place with pricing. I have phoned 3 of the "authorized IBM" guys but none helped me, and want to sell me a 10,000$ piece of equipment before they even know what my needs for it are... even if I buy the new equipment I sure would like to see this one work, even if I hook it up at my house.


I have fooled around with it, but I think it really needs a update to make it shine.


Thanks for your time.


Bill

JORGE RODRIGUEZ Mon, 07/14/2008 - 08:41
User Badges:
  • Green, 3000 points or more

Bill,


Do this, I buy cisco from Dexon who is an authorized cisco reseller, they also do smarnet services, they will privide you and answer all the questions .


For a 515E model you are probably looking at $800-900 1 Year 8x5xNBD service for a UR 515 model, includes software updates, TAC support & hardware replacement in the event of RMA.



http://www.dexon.com/



Also, if you have other Cisco equipment currently under smartnet services you should be able to dowbload software updates for your PIX.


Rgds

Jorge

Chloraseptic Mon, 07/14/2008 - 10:37
User Badges:

I dont see anywhere on their site that has the Service Contracts, again selling equipment... I have the pix already with 4.4(5) ... Im confused ... are you refferring to the notion that the downloads to update this are 8-900$ ... I dont think we have crappy equipment by any means currently... sounds like the 10k pricetag is just the starts of a long bill. I mean I understand you get what you pay for, but the equipment used is less then the service contract?

whisperwind Mon, 07/14/2008 - 10:45
User Badges:

Yeah your getting the sales pitch.....


Do this, call cisco tac 800-553-2447 tell them you need help TODAY with pix but you do not have a contract and that you would like to speak to someone in 'entitlements' in order to purchase one as you do not have a cisco partner etc....

Actions

This Discussion