08-22-2008 12:15 AM - edited 02-21-2020 02:58 AM
We are hoping this weekend to upgrade 2 PIX firewalls to version 8 from 6.3. Can anyone offer any advice / experience regarding this?
Whilst we are taking every precaution it worries me as I want to ensure all current rules are correctly moved across to the new platform.
Also if the worst happens what's the best way to get back to version 6.3 and restore the original config?
Thanks in advance
08-22-2008 12:29 AM
Jonathan,
That is a jump from 6 to 8. I suggest you read the docs very carefully on the upgrade procedure, and some of the command syntax changes quite a lot. There should be no issues with the upgrade - I have done a few and not had any issues yet!
There is a tool to convert from PIX to ASA, which is like v6 to v7/8, at the link below. I suggest you put your current config through it just in case the upgrade does not go to plan:
http://www.cisco.com/cgi-bin/tablebuild.pl/pix
HTH
08-22-2008 09:08 AM
Totally agree with Andrew to go over the deprecated commands.
Normally the upgrade takes care of the conversion of deprecated statements and converts them to whichever equivalent is in the newer code.
Also if the worst happens what's the best way to get back to version 6.3 and restore the original config?
I would suggest, as with any other major change/upgrade like this one, having a backout plan, such as backing up your current configuration under 6.3 code and having handy the 6.3 code running on the PIX. You cannot back up the code, but you should be able to download it from Cisco.
Back up the output of show version to have backups of the running activation keys. I believe the more backout analysis, as well as implementation analysis of the new code, you can conduct, the better your implementation will be.
There is a downgrade procedure, but I have not seen a downgrade procedure straight from 8.0 to 6.; this backout procedure pertains to going from 7.x back to 6.x.
http://www.cisco.com/en/US/docs/security/asa/asa70/pix_upgrade/upgrade/guide/pixupgrd.html#wp1810347
I find that when you are fully prepared implementation goes smoothly.
Rgds
Jorge
08-22-2008 10:25 AM
Thanks guys for your replies,
The scope of work was down to upgrade 2 PIX firewalls from 6 to 8. One is on the Un-restricted license and the other is restricted...
Luckily I have a spare Restricted PIX, so I'm going to load the current config onto that and perform the upgrade. That leaves the original restricted PIX untouched. I can then just swap them over.
As for the un-restricted PIX, I will tackle that another weekend when we are completely happy with this new version 8 OS.
As you say, Jorge, the better the planning beforehand, the smoother the upgrade!
Thanks again
08-22-2008 12:10 PM
You're welcome. Let us know the outcome; if there are problems, post the issues for the forum to assist.