Jugaad
join:2002-04-28
MARS!! | reply to Jugaad
Re: Cisco PIX OS 7.0 on PIX 520??
BTW
I love the new PIX OS 7 now. |
|
yaplej
CCNA
Premium
join:2001-02-10
White City, OR
 ·Charter Pipeline
| So why the change in heart? Iv been running 7.0 on a pair of 515-UR's with 64MB of ram. I haven't tried anything extremely resource intensive because they are just in my lab, but 7.0 will run on a 515-UR with 64MB in case someone was wondering  |
|
yash0
join:2005-05-10
Israel
| reply to Jugaad
good & bad news:
1) your trick worked like a charm. put a genuine pdm file
on tftp server, do "copy tftp", pull the network cable
mid-transfer, and reboot: pdm is history.
Very cool indeed! 
2) after this there was enough flash mem available and
we were able to install the pix701 image and reboot.
3) but: after installing the image, it wouldn't boot :-(
it would start the boot sequence, and reset itself,
in an endless loop.
It seems that Cisco was serious about not supporting 7.0
on the 520...
Thanks anyway! |
|
grunteled
Puffy And Prickly
Premium
join:2001-06-13
Kansas City, MO
clubs:
| reply to webnetwiz
Re: Cisco PIX OS 7.0
said by webnetwiz  :Pix 520 will not be supported. Neither will the 501, 506, 506E (506E will be supported a little later with a memory upgrade), 515. All other Pixes, 515E, 525 and 535 will be supported. So is the 506 going to be included when the 506E gets there? I have 256M on my 506 and I'd like to take it to 7.x if possible. If not 6.3 is pretty good too. I was pretty excited to finally be able to use VLANs on the 506. Pretty powerful firewall for my home use |
|
grunteled
Puffy And Prickly
Premium
join:2001-06-13
Kansas City, MO
clubs:
| reply to Jugaad
said by Jugaad :PIX CLI moving towards IOS sounds good to people who work mostly on IOS. But, for someone who works mostly on PIX, moving towards IOS is a big irritation. For years I looked at IOS and said thank god my PIX CLI is not like that. It definitely is a router vs pix guy thing. I came from routers and got a PIX forced on me several years ago. Since then I've taken over the rest of them. While the commands were in places similar, I always felt a little out of place. I hate the 6.x command line help... especially on complex commands. I bang the tab key constantly to no avail on the PIX. I also hate the forced NAT and NAT exclusion between security levels on the interfaces. It complicates the config greatly where numerous interfaces are involved.
7.X is a whole new affair. I'm a little apprehensive because it is very different than 6.X in it's commands and structure. That's going to mean more reading for me. However command help is much improved IMO. Tab completion is nice and the ability to remove the forced NAT is VERY welcome in my environment. Our lab firewall is on 7.0.1 and so far I like it. It will be some time before we take it into production on our main firewall pair.
I agree with you though to a point. I'd rather have better security than a kitchen-sink of router and firewall and IDS in one box. |
|
Jugaad
join:2002-04-28
MARS!!
|
Everyone hates it when there are changes. I hated it too when PIX 7.0 came out. But, when I started working on it I starting liking it...n now I love it...
There is so much more I can do with it. And I have started liking the IOS like CLI too...Much easier to work with...Tabbed input etc...
I would suggest people to take the plunge into 7.x in near future... You won't regret it...But like all cutting edge stuff it needs to mature and smoothen out the bugs...as a thumb rule I deploy new line of code after atleast 6 months of it being out...enough time for people to find bugs and report to the manufacturer...
--
Not able to get online? Good!! Go out and meet friends |
|
Jugaad
join:2002-04-28
MARS!!
| 
Reminds me of a saying >>
"Get ready to change....or get replaced"
Hehe..best of luck to u all
--
Not able to get online? Good!! Go out and meet friends |
|
pdoland
Premium
join:2004-01-26
Houston, TX
1 edit | reply to idolclub
I just got a PIX 515E for a customer. Bought it from CDW. I'm not Cisco certified. (I know, I need to finish that...) Anyway, the unit I just got came with 64 meg RAM, and OS version 6.3. So, if my customer wanted to go with 7.0, I'd have to get more memory first. Somebody asked in this thread about getting memory for a 515e, and I found a number of third-party vendors that sell memory for it. So, here are my questions:
1. Is getting version 7 free? The unit is brand new.
2. How do I go about getting the upgrade, like what form or page to fill out?
3. Is it official yet? Some people in this thread seem to feel it is official release, others said it was still in beta.
Thanks. |
|
yaplej
CCNA
Premium
join:2001-02-10
White City, OR | I have two PIX515's that have 7.0 running on them with only 64MB of ram. I think that you will only need 128MB to use some features of 7.0 like active/active failover. Perhaps some other cool features too. |
|
Jugaad
join:2002-04-28
MARS!!
| reply to pdoland
It's official now..earlier comments were posted when it was beta...
See this link and this should answer most of your questions:
»www.cisco.com/en/US/products/hw/···ae1.html
--
Not able to get online? Good!! Go out and meet friends |
|
Jugaad
join:2002-04-28
MARS!!
| reply to pdoland
Cisco PIX 515/515E Security Appliance Memory Upgrade for PIX Software v7.0
»www.cisco.com/en/US/products/hw/···8d4.html
--
Not able to get online? Good!! Go out and meet friends |
|
cisco5350
Premium
join:2004-07-10
India | can my 501 support Version 7 .....
i have downloaded pix701.bin ....it is 4.88 MB
i have 8 MB Flash..
pls reply me quickly
thanx;) |
|
grunteled
Puffy And Prickly
Premium
join:2001-06-13
Kansas City, MO
clubs: | Cisco says no. I'd not put that image on if I were you. |
|
jma24
@bulldogdsl.com
| Hi,
I just thought I'd add my experiences:
pixfirewall> sh ver
Cisco PIX Security Appliance Software Version 7.0(1)
Compiled on Thu 31-Mar-05 14:37 by builders
System image file is "flash:/image"
Config file at boot was "startup-config"
pixfirewall up 35 secs
Hardware: PIX-506E, 96 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0xfff00000, 8MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : media index 0: irq 10
1: Ext: Ethernet1 : media index 1: irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 2
Maximum VLANs : 2
Inside Hosts : Unlimited
Failover : Not supported
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited
Regards,
John |
|
jma24
@bulldogdsl.com
| reply to grunteled
Hi,
It is possible to run 7.0 on a Pix 506E. You can't however install ADSM, only the CLI.
My account manager at Cisco tells me that they are planning on doing a compressed image with a bootloader that should fit both PIX 7 and ADSM into 8Mb. Since together they are only ~10Mb that sounds feasible.
The Pix 506E is of course not flash upgradeable (not unless you're a dab hand with surface mount soldering at least).
Regards,
John |
|
grunteled
Puffy And Prickly
Premium
join:2001-06-13
Kansas City, MO
clubs:
1 edit | Does that mean you can get it on the 506? I have the older 506 platform but it seems to be the same device just not 10/100 and no USB.
Hardware: PIX-506, 256 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 8MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB |
|
jma24
@bulldogdsl.com
| Hi,
I can't swear that it will work for you, because it's clearly *not* a supported configuration, so proceed at your own risk!
However PIX 7.0 will easily fit into 8Mb flash (the image is 5Mb so you have about 2.5Mb spare). On this principle I decided to give it a go for a laugh on a PIX that someone gave me.
By this principle it should be able to run on any of the older PIXs that support a memory upgrade past 64Mb. Given that most PIX techs worth their salt won't touch a GUI, I wonder why Cisco are so adamant that it won't work.
Warnings over, this is how to do it in very general terms.
1) Boot your pix *on the console* and login
2) Back up the FS to tftp
3) Format the filesystem, delete all the files on it
4) Reboot to monitor mode
5) tftp boot the Pix from an image (6.3, 7.0, makes no odds)
6) copy tftp://server/pix701.bin flash:image
7) reload
8) request a new 3DES activation key from Cisco (free).
Regards,
John |
|
NeTwOrKDawg
Networking is a lifestyle
join:2005-04-25
Brantford, ON | reply to idolclub
Can anyone tell me how to do:
3) Format the filesystem, delete all the files on it
I have tried clear flashfs and no flashfs .. can't get rid of the PDM files in flash so can't update to 7.01 |
|
NeTwOrKDawg
Networking is a lifestyle
join:2005-04-25
Brantford, ON
1 edit | reply to idolclub
Oops never mind.. that wasn't hard...
Cisco PIX Security Appliance Software Version 7.0(1)
Compiled on Thu 31-Mar-05 14:37 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"
pixfirewall up 1 min 16 secs
Hardware: PIX-506E, 64 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0xfff00000, 8MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: Ext: Ethernet0 : media index 0: irq 10
1: Ext: Ethernet1 : media index 1: irq 11
Licensed features for this platform:
Maximum Physical Interfaces : 2
Maximum VLANs : 2
Inside Hosts : Unlimited
Failover : Not supported
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 0
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform does not support Failover. |
|
grunteled
Puffy And Prickly
Premium
join:2001-06-13
Kansas City, MO
clubs:
| said by NeTwOrKDawg :Oops never mind.. that wasn't hard... Would you mind sharing? I'm not going to make the switch till a couple more releases but I would like to know what the command is. |
|
