Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 367
  • Last Modified:

REMOTE UPGRADE OF PIX

I have a couple of PIX upgrade questions.  I was planning to move our sites to the 6.3.3.124 image on all PIXes.  

1)  On my primary site, I have a failover pair.  Are there any tricks on upgrading process, or do I just upgrade the primary and then the secondary?

2)  I have a remote site with no server and only a perodic laptop.  Can I remotely upgrade the PIX over a WAN link?  How do I connect to TFTP Server?

Thanks for any help.

Steve
0
smeek
Asked:
smeek
  • 5
  • 2
1 Solution
 
visioneerCommented:
Tim's link takes care of question 1.

Question 2 is no, I don't believe you can upgrade from the WAN link, and besides you probably shouldn't try it in case you lose your WAN connectivity during the upgrade! :-O
0
Become an IT Security Management Expert

In today’s fast-paced, digitally transformed world of business, the need to protect network data and ensure cloud privacy has never been greater. With a B.S. in Network Operations and Security, you can get the credentials it takes to become an IT security management expert.

 
Tim HolmanCommented:
If you can get a console, telnet or ssh connection to the PIX, then I believe you can initiate the copy tftp flash command, so as long as your tftp server's up, and the image correct (double check it's md5 hash to ensure it's not corrupted), then away you go !!
0
 
smeekAuthor Commented:
I could SSH to it.  

How about open the PIX so that I can point the TFTP to a public IP with my TFTP server and copy the image across the Internet.

Ideas?

Steve
0
 
Tim HolmanCommented:
Yes - that's exactly how I'd do it.  By default, you'll be able to access anything on the Internet from the PIX itself, but you may need to setup TFTP rules at the other end (ie if you have a firewall protecting your TFTP server).
0
 
smeekAuthor Commented:
I got it.  I allowed port 69 through to a static mapping I created for my laptop and it worked like a charm.  I just wish the previous IT person had the foresight to setup SSH statements for the branches to main site.  Is there a way to connect through the VPN to change the remote PIXs SSH.

Steve  
0
 
Tim HolmanCommented:
If you have telnet access, then yes, you can generate SSH keys on the PIX and away you go...

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e71.shtml#sshinout
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now