[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


PIX firewall configure to allow tftp

Posted on 2005-04-06
Medium Priority
Last Modified: 2013-11-16
Hi, I only have Telnet access to my pix and i need to find out how to add to the config so that i can tftp download from and to the firewall?

Step by step instructions will be appreciated

Thank You
Question by:ztek
  • 5
  • 3
  • 3

Accepted Solution

alex_yala earned 2000 total points
ID: 13724628
To Download the configuration FROM the firewall

You need to get a TFTP server software first.

(Straight from Cisco website)
Follow these steps to download the server by FTP:
Step 1   Start your FTP client and connect to ftp.cisco.com. (Enter your CCO username and password.)
Step 2   You can view the files in the main directory by entering the ls command.
Step 3   Enter cd cisco to move to the top-level software directory.
Step 4   Enter cd web and then cd tftp to access the TFTP software directory.
Step 5   Enter ls to view the directory contents.
Step 6   Enter get to copy the TFTP executable file to your directory.

On the PIX firewall, type in the following:
pixfirewall# write net [<tftp_ip>]:<filename>

<tftp_ip> is the computer where you install the TFTP software
<filename> is the name of the file you want to save the configuration as

To upload new IOS TO the firewall

Follow the steps from this Cisco website

I haven't really try to upload any configuration file to PIX firewall using TFTP.

Good Luck

LVL 19

Expert Comment

ID: 13724745
Solarwinds offer a free download of a very good tftp server - widely used.  You can get it from here


Then just follow Alex_yalas post for commands


Author Comment

ID: 13729360
The tftp does not work
i need to add the permission to aloow tftp through command line
New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

LVL 19

Expert Comment

ID: 13735132
fixup protocol tftp 69

Expert Comment

ID: 13743840
So far, I have only use TFTP server in the inside network. I am not sure if TFTP communication will work to external host. You can try.


* If your TFTP server is connected to the external network, you have to specify it first, by typing
tftp-server [if_name] ip_address path
then type in write net :filename

* If your TFTP server is connected to the internal network, you can do it in either of the following
- Make sure there is no tftp-server configured (see above link how to remove tftp-server config), then type in write net [[server_ip]:[filename]]
- Make sure the tftp-server is configured with the correct IP address of the tftp server, then type in write net :filename

The other thing you have to look out for is, if you have 2 nics on your TFTP server, you need to disable one. Sometimes the TFTP server tries to use the other NIC to respond to the TFTP traffic which breaks the connectivity to the PIX.

Could you give more details what exactly how your network configured and what you are trying to achieve?

By the way, fixup command has nothing to do with allowing TFTP traffic connectivity. Information about fixup can be found at

LVL 19

Expert Comment

ID: 13751100

If you have solarwinds tftp server running on pc ip for example

logon to pix

write net

this creates the file pixconfig in the Solarwinds tftp folder

To copy the file back to the PIX

copy tftp:// startup-config

Reboot PIX for this to take effect.

FYI the above - the reason I advised using the "fixup protocol tftp 69 command" was that I was unsure exactly where you were having the problem and how exactly you you were trying to do this.  You DO need to use this command if you are using static PAT to redirect tftp traffic.  

If you get an error with either of these commands - pls post it and it will help isolate the problem.


Author Comment

ID: 13755591
the problem is during the tftp transfer it times out.
LVL 19

Expert Comment

ID: 13756032
Tftp times out which way - from or to PIX?
Are you sure TFTP server is running correctly?
Can the PIX definitely see the tftp server?


Author Comment

ID: 13757954
From pix and yes my tftp server is working correctly
LVL 19

Expert Comment

ID: 13760414
Ok - Do you know what speed your PIX inside interface is set to run on - I have encountered systems were tftp does not like 100MB - have you got a 10MB hub or switch you can try it over?

Are you receiving an error code when it fails - e.g. error code 2, 3, 4 etc


Expert Comment

ID: 13767992
Does your server have multiple IP addresses? (Especially on the same subnet)

If you do, it won't work.

I had the same problem with my remote client a few months back. For some reason the IT provider in that country setup 2 NICs on the same subnet with different IP address. The TFTP server just can't receive any TFTP traffic. As soon as I disabled the unused NIC, it all worked.

Good Luck.


Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question