if you are using a PIX 515/515E running PIX Version 6.2/6.3, you need to upgrade your memory before performing an upgrade to PIX Version 7.0. PIX Version 7.0 requires at least 64 MB of RAM for Restricted (R) licenses and 128 MB of RAM for Unrestricted (UR) and Failover (FO) licenses. The following security appliance platforms require at least 64 MB of RAM. Table 1 lists Flash memory requirements for Version 7.2(1).
Table 1 Flash Memory Requirements
Security Appliance Model
Flash Memory Required in Version 7.2(1)
my question is:: what might occur if i upgrade a pix 515e which is having UR licenses and 64MB RAM from version 6.2 to 7.0.?
I haven't tried it on a Pix but on an ASA if your memory is insufficient the upgrade willl occur - with error messages generated during boot (and periodically during normal operation).
On a Pix, the upgrade may fail altogether. On an ASA, the appliance may fail to pass traffic under certain use and load conditions. Since those are difficult to characterize in moment-to-moment operations, my assessment is that it would be a veryt risky proposition for any device you are counting on for production use. If you're doing it for a lab or training then no big deal.
thanks for the reply. as i understand, the UR or R lincense are based on an "activation key", and it has no dependancy on the HW itself. we just did the upgrade and did not face any issue as of now. we are actually planning to go for the 8.x pix version.
what is your idea, based on the licenses activation ?
If I remember right the PIX only support the very first versions of 8.0 software. And even then its streching its recources.
Version 8.0(2) requires the following:
•The minimum software version required before upgrading to PIX Version 8.0(2) is PIX Version 7.2. If you are running a PIX version earlier than Version 6.2, you must first upgrade to PIX Version 6.2 or PIX Version 6.3 before you can upgrade to PIX Version 7.2.
•To upgrade your PIX software image, go to the following website:
is there a chance to downgrade the unrestricted licenses to restricted licenses, and use the pix, since we have a very small firewall security requirement for securing some isolated set of few systems with less traffic flowwing between them.
Either upgrading or changing your license type would require a support contract. The Pix firewall is almost end of life - it hasnt been sold as new for about four years and is no longer eligible for new support contracts.
If you have one that's working on it's current software why worry about upgrading? Just use it as-is. You could also use a much more recent ASA 5505 or such for a requirement like that.
For a simple firewall, the older Pix operating system 7.2 works fine. I have not seen many customers ride the Pix line all the way onto 8.x software.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...