I have a pix520 and upgraded it this morning to 6.31 and pdm 3. Worked fine for about 2 hours then all of a sudden nobody could get in or out... took a downgrade to 6.22 and pdm2 to get it working again. Next step for me is putting a TAC ticket in.
in my home LAN, i upgraded the PIX to 6.31 and it is stable for the last one month..but then iam talking about a very light load..
my 2 cents..
best regards / Sampath.
I've upgraded a Pix520 to rel 6.3 in a large Company last Friday.
They do Internet surfing, publish a server and have a DES tunnel with a Checkpoint firewall.
No problems at all.
Been running 6.3.1 on my 515 unit for over 20 days with heavy load (250+ inside users, and heavy web/smtp/PPTP traffic coming from the outside), and no problems what so ever.
A few weeks back I upgraded my 515's (with VAC installed) to 6.3(1) and ran into problems. Our site does alot of VPN traffic with around 50 site-to-site connections and double that many in VPN Client (road warrior) connections.
The PIX ran fine for around a week, but then started rebooting constantly, sometimes five times in an hour. The problems turned out to be related to the VPN Client connections and NAT-T.
You should really browse the bug database to figure out if any of the reported bugs will cause you headaches in your environment.
You can view the list bugs for PIX 6.3(1) on the CCO site here:
Thanks for your input.
I did check on the bug tool, but didn't find anything related to 6.3 at all. I figure it's probably too soon.
Thanks for the info.
i m planning to use a PIX firewall 515 in order to secure or hide my main gatekeeper ( 7200 router) .
Note: our site does H323 VoIP termination and origination , all of my local VoIP gateways and the remote clients gateways are registered to this gatekeeper in order to communicate and the site is running real time traffic (no time available for outage ).
the PIX firewall 515 i have is shipped with the version 6.3, so i m asking :
- before putting this PIX firewall in service if the stability of the release 6.3 has been confirmed or not yet ( by Cisco or consultant or through practical use ..)?
- the PIX firewall is configured to allow RAS and H323 messages protocol (port numbers :1718,1719,1720) ; does this PIX firewall 515 able to handle , at peak hours , of about 250 RAS signaling tunnels coming into the gatekeeper from the clients ( discovery messages , registration ,reject ..) ? if yes what should be the hardware and software caracteristics of this pix firewall ( RAMs , software advised ,..)? if No whta is the alternate solution?
Thanks In advance for help.