• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 995
  • Last Modified:

Upgrading IOS on PIX 515E

So it's at:

Cisco PIX Firewall Version 6.1(4)
Cisco PIX Device Manager Version 1.1(2)

Am I right that I can't upgrade, except to 6.2.X without upgrading to at least 64mb RAM?

And would I be correct to assume that I could buy memory for it and upgrade it myself, perhaps from ciscomemoryupgrades.com?

thanks
0
corphealth
Asked:
corphealth
  • 9
  • 3
  • 3
  • +1
1 Solution
 
Cyclops3590Commented:
You can't go to 7.x without atleast 64MB ram, you can upgrade the memory yourself, its not hard

I'm still looking but I can't see why you shouldn't be able to go to 6.3(5) version.  Of course are you in restricted or unrestricted mode on the 515
0
 
Cyclops3590Commented:
also how much ram do you have now
0
 
corphealthAuthor Commented:
Hardware:   PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
Cyclops3590Commented:
ok found the memory requirements for 6.3, I'd upgrade to that until you can get the memory up to 64MB
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a00804e6d6d.html#wp31990

also, be aware that the config will need changing when going to 7.x so keep that in mind too
0
 
corphealthAuthor Commented:
What kind of config, I read somewhere else in here where someone said that upgrade IOS on the pix from 6.3.X and it would keep the config.
Please elaborate. =)
-chipTM
0
 
Cyclops3590Commented:
i wouldn't if I were you.  vpngroup was replaced with tunnel-group for one thing.  If you used conduits, their gone.  There is a lot that changed so I really wouldn't bank on the IOS upgrade to take care of everything for you.  In fact before you make that leap I'd make a config backup just in case its beyond repair and you have to start from scratch.  Don't get me wrong, you may get lucky depending upon the difficulty of your config and it upgrades fine, but I'd research it before you do an upgrade
0
 
Pentrix2Commented:
I seem a PIX upgrade from 6.3 to 7 and they lost their internal exchange connectivity.  This is due from commands changing in the versions.

David
0
 
Cyclops3590Commented:
yup, that's exactly why you should go to 6.3(5) for now to get it updated as much as possible without worrying about any config changes, then research the changes for 6.3 -> 7.x upgrades
0
 
calvinetterCommented:
Before upgrading, I assume you have current SmartNet support on this PIX? Otherwise upgrading isn't an option.

  Agree with Cyclops3590 that you should do some research before considering going to 7.x.  If/when you go to 7.x, be absolutely sure you read *all* documentation carefully, as there's a danger of corrupting the install.
  Even from 6.1 to 6.3 there are some fairly significant changes, mostly improvements.  Suggest you research 6.3 before upgrading to it, if you're going the route of "incremental changes."  Even if just upgrading to 6.3 for now, I'd highly recommend converting any conduit statements to ACLs (since conduits are *not* supported in 7.x), & checking what commands are changed or not supported in 6.3.

  New & changed features in 6.3 series:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a0080579fbf.html#wp32151

  Important:  see the following for info on 7.x:
  General release notes (especially "System Requirements" & "Changes to Existing PIX 6.x Features"):
http://www.cisco.com/en/US/products/sw/secursw/ps2120/prod_release_note09186a008057a11d.html
  * Upgrade Guide*:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_upgd/index.htm

cheers
0
 
corphealthAuthor Commented:
Yes, they are in ACL form already.  I have holding off on upgrading until I get the memory for it I ordered, and until after we switch to a new ISP tonight.  That being said, what is this smartnet??!?!
0
 
calvinetterCommented:
 SmartNet is essentially a "Cisco extended support/warranty" contract, which permits you to download & install new PIX software from Cisco's website.  SmartNet should be purchased when you bought the PIX, & needs to be renewed yearly (or every 3 yrs possibly).  If you bought this new but never got SmartNet for it, you should be able to buy SmartNet for it after the fact; this might entail getting a 3rd-party to inspect the PIX to ensure it's in good working order, before Cisco will allow you to put a SmartNet contract on it.  Contact your distributor or a local Cisco reseller for details.
  Without SmartNet, Cisco will *not* allow you to download new PIX images from their website, due to licensing.

cheers
0
 
Cyclops3590Commented:
calvinetter can probably correct me, but I swear I've heard that some of Cisco's products offer one time upgrade options for a fee so you don' t have to buy the smartnet if you don't want (but I do recommend it)
0
 
calvinetterCommented:
Greetings Cyclops!   The only thing of this nature I've heard is when there's a *serious* security vulnerabiltiy or a nasty, fatal bug that Cisco felt compelled to provide bugfixed code, so they don't lose credibility & lose customers.  ;)  In this case, they don't provide a free upgrade to the next major release, just the next minor maintenance version higher.  Let's say for example if 6.1(1) had such a fatal flaw, & Cisco might allow a 1-time upgrade to 6.1(2).

cheers
0
 
Cyclops3590Commented:
umm, i could have swore you could pay for one time upgrades as well.  probably just imagining it i guess.

at any rate corphealth, these smartnets for one year really aren't very expensive. Probably a few hundred or so
0
 
Pentrix2Commented:
To my understanding they provide paid one time upgrades for routers, switches, but haven't heard for PIXes.
0
 
Cyclops3590Commented:
thx for the clarification Pentrix2
0
 
Pentrix2Commented:
np Cyclops3590.

btw:  You are doing pretty good on this board.


David
0
 
Cyclops3590Commented:
thx, I'm trying anyway.  Just got into Cisco firewalls a few of months ago and this board helped me out, so I thought I'd try to return the favor
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 9
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now