Recovery of PIX Firewall

Have a PIX 515E Firewall. Looking at disaster recovery scenario.
If we lose the Firewall version software 6.1(4) and are taken to RoMon, how do we recover back the Firewall version?
On, say, a Cisco 1801 router we have FLASH storage and just use the RoMon to copy back an IOS version and Bob is your uncle.
On the PIX we have no FLASH or external storage in which to COPY from or to.

How do you also copy the Running Config to an external device using TFTP? I.e. in IOS you would use "copy running FLASH"; this then copies your current running configuration to your TFTP server.


ccfcfc Asked:

bob_the_builder Commented:
In answer to your question on how to back up to TFTP, see below, taken from http://www.velocityreviews.com/forums/t34876-how-to-backup-pix-515-to-tftp.html

The setup phase:

config term
tftp-server inside IPADDRESS FILEPATH
exit


After that, when you wish to copy the config to the FILEPATH given,

config term
write net

There is an extension to this that works even though it is not documented:

config term
write net IPADDRESS:ANOTHERFILEPATH

If ANOTHERFILEPATH does not start with / then it will be interpreted
as a file in the directory FILEPATH that you gave on the tftp-server
command; otherwise it will be treated as an absolute path and the
first slash stripped off. However, many tftp servers will then
interpret that de-slashed file as relative to some directory list
configured for the tftp server, so to give an absolute path you should
start with two slashes:

write net 192.168.1.14://this/is/the/path


As usual, any file that you try to write with tftp must pre-exist
and allow write access.


You can get away without using the tftp server command at all provided
that you are only ever saving to absolute paths on hosts on the inside
interface. The "write net" command *always* uses the interface from the
tftp-server command (default 'inside') even though one would -think- it
should figure out the interface by looking at the routing table.


Important note: you *must* be in configuration mode at the time you
"write net". If you are merely in enable mode, then the command will
not be recognized.

Cheers,

Bob...
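
The path rules described in the post above, as an added example that is not part of the original post and not Cisco code: a small Python model of which filename a given "write net" argument sends and where the backup lands on the TFTP server, plus the pre-exist/writable check. The function names, the /tftpboot root, the /backups directory, and the treatment of the tftp-server FILEPATH as a directory prefix are assumptions.

```python
import os
import posixpath

def resolve_write_net(arg, tftp_server_path=None):
    """Model of 'write net HOST:PATH' as the post describes it (not Cisco code).

    Returns (host, filename the PIX puts in the TFTP write request).
    """
    host, sep, path = arg.partition(":")
    if not sep or not host or not path:
        raise ValueError("expected HOST:PATH")
    if path.startswith("/"):
        # Treated as absolute, but the first slash is stripped before sending.
        return host, path[1:]
    if not tftp_server_path:
        # Per the post, skipping tftp-server only works for absolute paths.
        raise ValueError("relative path needs a tftp-server FILEPATH")
    # Assumption: FILEPATH from the tftp-server command is the directory prefix.
    return host, posixpath.join(tftp_server_path, path)

def server_side_path(sent_name, tftp_root):
    """Where a server that maps non-absolute names under tftp_root puts the file."""
    if sent_name.startswith("/"):
        return sent_name
    return posixpath.join(tftp_root, sent_name)

def target_ready(local_path):
    """The post's precondition: the file must pre-exist and allow write access.

    os.access checks the current user, so run this as the TFTP daemon's account.
    """
    return os.path.isfile(local_path) and os.access(local_path, os.W_OK)

if __name__ == "__main__":
    # Constructed inputs; 192.168.1.14 is the address used in the post.
    for arg, base in [("192.168.1.14://this/is/the/path", None),
                      ("192.168.1.14:/pix/running.cfg", None),
                      ("192.168.1.14:running.cfg", "/backups")]:
        host, sent = resolve_write_net(arg, base)
        print(f"{arg!r}: sends {sent!r} -> {server_side_path(sent, '/tftpboot')}")
```

Running target_ready on the TFTP server before a scheduled backup catches the case where the write would fail because the file was never created.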
ccfcfc (Author) Commented:
I assume when you say "inside" I can use any defined interface and substitute it?

I also noticed that when reloaded I can press ESC or BREAK and this takes me into an equivalent RoMon type command level. Am I correct?
This then provides the same functionality as if the PIX O/S is corrupt and I can reload from a TFTP server?