PIX 515E upgrade from 7.04 to 7.2/8.0x

Answered Question
Oct 29th, 2008

Hi All,

Please can someone provide me an advice on this?

1. We are about upgrading our PIX 515E/ failover pair from 7.04 to 8.0x. but not sure which release has been tested and confirmed to be the most stable. I want to know which is the best version to upgrade to.

1. If there is no 8.0x versions very stable at the moment, is 7.2 ok? Is there any 7.2 version i should chose in prefernce for other?

All the memory/flash requirements are ok on my pix

Kind Reagrds


I have this problem too.
0 votes
Correct Answer by Farrukh Haroon about 8 years 2 months ago

No that issue pertains only to the VPN connections terminated 'on' the firewall itself.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Farrukh Haroon Wed, 10/29/2008 - 05:00

They both are not that great when it comes to stability. I would go with 8.0(3) or 8.0(4).



peteruwa Wed, 10/29/2008 - 06:18


Thanks for your response. I have seen other peoples comment about some services not working properly after upgrading to 8.0x. Our Network is quite large and would not want to risk any service failure or struggling to get some services to work after the upgrade. Is there anything you think I should be aware of, prior to this upgrade you suggested?

Farrukh Haroon Wed, 10/29/2008 - 07:12

Peter you have to plan this out for sure with a 'downgrade plan' incase the need arises. One particular bug is with VPNs going down after upgrading to 8.x (this is with regards to compression being enabled by default or something). Some stuff works better in 7.x and other works better in 8.x. If you have multiple firewalls make sure you test one out, and if possible test it out first one one of the less critical boxes you have.



cisco24x7 Wed, 10/29/2008 - 07:21

You need to ask yourself the following questions:

- What features do I need in newer releases that

are not currently available in 7.0.4? Can

I get by with version 7.0.8(GD)?

- What is the Pros and Cons of upgrading to

new releases? What are the "risk" factors?

I might be spending countless night trouble-

shooting issues after upgrade.

Nobody can answer this question for you

without first understanding your environment.

That's where consultants usually come in.

peteruwa Wed, 10/29/2008 - 09:14


yes I will plan out things as adviced. With regards to compression enabled by default in 8.0x, I have all my VPN terminated on a VPN concentrator and the Concentrator is connected to the PIX dmz I wil be upgrading. Will this still have any effect on the VPN?

Correct Answer
Farrukh Haroon Thu, 10/30/2008 - 03:06

No that issue pertains only to the VPN connections terminated 'on' the firewall itself.



peteruwa Tue, 11/04/2008 - 05:54

Hi Farrukh,

Thanks for your advice. i have upgraded the PIX through ver7.04->7.24->8.04 and all seems to be working fine. I had a few issues with sqlnet which did not work after upgrade to 8.04 but had to turn off sqlnet inspection on the firewall.

It worked ok afterwards




This Discussion