pix 515 image upgrade

Unanswered Question
Mar 31st, 2012

The following URL states the memory requirements for the PIX firewall:


http://www.cisco.com/en/US/docs/security/pix/pix72/release/notes/pixrn72.html#wp43534


If you are using a PIX 515/515E running PIX Version 6.2/6.3, you need to upgrade your memory before performing an upgrade to PIX Version 7.0. PIX Version 7.0 requires at least 64 MB of RAM for Restricted (R) licenses and 128 MB of RAM for Unrestricted (UR) and Failover (FO) licenses. The following security appliance platforms require at least 64 MB of RAM. Table 1 lists Flash memory requirements for Version 7.2(1).



Table 1: Flash Memory Requirements

| Security Appliance Model | Flash Memory Required in Version 7.2(1) |
|--------------------------|------------------------------------------|
| PIX 515/515E             | 16 MB                                    |
| PIX 525                  | 16 MB                                    |
| PIX 535                  | 16 MB                                    |


My question is: what might occur if I upgrade a PIX 515E which has UR licenses and 64 MB RAM from version 6.2 to 7.0?


Thanks.

Marvin Rhoads Sun, 04/01/2012 - 08:26
I haven't tried it on a Pix, but on an ASA, if your memory is insufficient, the upgrade will occur, with error messages generated during boot (and periodically during normal operation).


On a Pix, the upgrade may fail altogether. On an ASA, the appliance may fail to pass traffic under certain use and load conditions. Since those are difficult to characterize in moment-to-moment operations, my assessment is that it would be a very risky proposition for any device you are counting on for production use. If you're doing it for a lab or training, then no big deal.

uddika kahawatte Sun, 04/01/2012 - 21:44
Hi Marvin,


Thanks for the reply. As I understand, the UR or R licenses are based on an "activation key", and it has no dependency on the HW itself. We just did the upgrade and did not face any issue as of now. We are actually planning to go for the 8.x PIX version.

What is your idea, based on the license activation?



Thanks,

Uddika

Jouni Forss Mon, 04/02/2012 - 13:24
Hi,


If I remember right, the PIX only supports the very first versions of 8.0 software. And even then it's stretching its resources.


EDIT:


Software Requirements


Version 8.0(2) requires the following:


The minimum software version required before upgrading to PIX Version 8.0(2) is PIX Version 7.2. If you are running a PIX version earlier than Version 6.2, you must first upgrade to PIX Version 6.2 or PIX Version 6.3 before you can upgrade to PIX Version 7.2.


To upgrade your PIX software image, go to the following website:


http://www.cisco.com/public/sw-center/index.shtml


For information on specific licenses supported on each model of the security appliance, go to the following website: http://www.cisco.com/en/US/docs/security/asa/asa80/license/license80.html


If you are upgrading from a previous PIX version, save your configuration and record your activation key and serial number. For new installation requirements, go to the following website: http://www.cisco.com/public/sw-center/index.shtml

uddika kahawatte Mon, 04/02/2012 - 23:18
Is there a chance to downgrade the unrestricted licenses to restricted licenses and use the PIX, since we have a very small firewall security requirement for securing some isolated set of few systems with less traffic flowing between them?

uddika kahawatte Mon, 04/02/2012 - 23:25
We don't want to use a UR license and go with an older IOS. We prefer a restricted license with a newer IOS. Any ideas and options?

Marvin Rhoads Mon, 04/02/2012 - 23:26
Either upgrading or changing your license type would require a support contract. The Pix firewall is almost end of life - it hasn't been sold as new for about four years and is no longer eligible for new support contracts.


If you have one that's working on its current software, why worry about upgrading? Just use it as-is. You could also use a much more recent ASA 5505 or such for a requirement like that.


For a simple firewall, the older Pix operating system 7.2 works fine. I have not seen many customers ride the Pix line all the way onto 8.x software.
