pix 515 image upgrade

uddika kahawatte · ‎03-31-2012

the following url states the memory requirements for the pix firewall

http://www.cisco.com/en/US/docs/security/pix/pix72/release/notes/pixrn72.html#wp43534

if you are using a PIX 515/515E running PIX Version 6.2/6.3, you need to upgrade your memory before performing an upgrade to PIX Version 7.0. PIX Version 7.0 requires at least 64 MB of RAM for Restricted (R) licenses and 128 MB of RAM for Unrestricted (UR) and Failover (FO) licenses. The following security appliance platforms require at least 64 MB of RAM. Table 1 lists Flash memory requirements for Version 7.2(1).

Table 1 Flash Memory Requirements
Security Appliance Model	Flash Memory Required in Version 7.2(1)
PIX 515/515E	16 MB
PIX 525	16 MB
PIX 535	16 MB

my question is:: what might occur if i upgrade a pix 515e which is having UR licenses and 64MB RAM from version 6.2 to 7.0.?

thanks.

Marvin Rhoads · ‎04-01-2012

I haven't tried it on a Pix but on an ASA if your memory is insufficient the upgrade willl occur - with error messages generated during boot (and periodically during normal operation).

On a Pix, the upgrade may fail altogether. On an ASA, the appliance may fail to pass traffic under certain use and load conditions. Since those are difficult to characterize in moment-to-moment operations, my assessment is that it would be a veryt risky proposition for any device you are counting on for production use. If you're doing it for a lab or training then no big deal.

uddika kahawatte · ‎04-01-2012

hi Marvin,

thanks for the reply. as i understand, the UR or R lincense are based on an "activation key", and it has no dependancy on the HW itself. we just did the upgrade and did not face any issue as of now. we are actually planning to go for the 8.x pix version.

what is your idea, based on the licenses activation ?

thanks,

uddika

Jouni Forss · ‎04-02-2012

Hi,

If I remember right the PIX only support the very first versions of 8.0 software. And even then its streching its recources.

EDIT:

Software Requirements

Version 8.0(2) requires the following:

•The minimum software version required before upgrading to PIX Version 8.0(2) is PIX Version 7.2. If you are running a PIX version earlier than Version 6.2, you must first upgrade to PIX Version 6.2 or PIX Version 6.3 before you can upgrade to PIX Version 7.2.

•To upgrade your PIX software image, go to the following website:

http://www.cisco.com/public/sw-center/index.shtml

•For information on specific licenses supported on each model of the security appliance, go to the following website: http://www.cisco.com/en/US/docs/security/asa/asa80/license/license80.html

•If you are upgrading from a previous PIX version, save your configuration and record your activation key and serial number. For new installation requirements, go to the following website: http://www.cisco.com/public/sw-center/index.shtml

uddika kahawatte · ‎04-02-2012

is there a chance to downgrade the unrestricted licenses to restricted licenses, and use the pix, since we have a very small firewall security requirement for securing some isolated set of few systems with less traffic flowwing between them.

uddika kahawatte · ‎04-02-2012

and if we have a better ios, things will be smooth

uddika kahawatte · ‎04-02-2012

we don't want to use a UR licenses and go with a older IOS. we prefer a restricted license with a newer IOS. any ideas and options ?

Marvin Rhoads · ‎04-02-2012

Either upgrading or changing your license type would require a support contract. The Pix firewall is almost end of life - it hasnt been sold as new for about four years and is no longer eligible for new support contracts.

If you have one that's working on it's current software why worry about upgrading? Just use it as-is. You could also use a much more recent ASA 5505 or such for a requirement like that.

For a simple firewall, the older Pix operating system 7.2 works fine. I have not seen many customers ride the Pix line all the way onto 8.x software.