RE: [fw-wiz] Upgrading PIX software

From: Sanford Reed (sanford.reed_at_cox.net)
Date: 11/02/05

  • Next message: Matthew Davis: "[fw-wiz] Question about setting up PIX firewall" 
    To: "'Vahid Pazirandeh'" <vpaziran@yahoo.com>, <firewall-wizards@honor.icsalabs.com>
Date: Wed, 2 Nov 2005 13:32:48 -0500

    Having installed and managed numerous PIX Devices I have that maximizing the
    RAM from the start is the best practice. If you can afford it I strongly
    suggest that you put the Maximum amount of RAM in from the start. Example:
    Of 5 different PIX installations I had to go back at a later date and
    upgrade the RAM on 4 due to OS upgrades. Granted these upgrades occurred
    over a 2-year period but they still had to be done. In addition I have found
    that the more RAM the better the PIX operated.

    1 - As I stated above I suggest that you maximize the RAM. Yes the
    additional 32 MB should allow you to run OS V7.0 however it may limit you on
    future versions, even 'minor' V7.x 'patches'.

    2 & 3 - You can only download software upgrades, patches, or Major version
    upgrades if you purchase a Support Contract (SMARTnet) from Cisco via one of
    their Partners. This will get you the logins needed to access the
    appropriate sections of their web site. As to upgrade limitations as long as
    you have the Support contract you are only limited by the hardware and
    whether the 'new' software can be supported on that hardware. Some version
    upgrades may require more RAM (which is why I recommend MAXing the RAM now)
    or even a BIOS loader upgrade. I have found these readily available when
    required.

    Two points on the SMARTnet Contracts:

    1. The Contracts come in different levels of support: 8x5 NBD, 7x24 NBD, and
    7x24 On-site (NBD - Next Business Day). I strongly suggest you investigate
    each and decide for your self what is needed as the higher the level of
    support the more it will cost you. Look here for some descriptions:

    http://www.cisco.com/en/US/products/services_descriptions_list.html

            a. If the PIX is not a 'Business Critical' connection such that if
    it failed and the connection would be 'off-line' for a few days (weekend
    plus 1 to restore configuration) then maybe the 8x5 NBD would work.

    Warning - you will be surprised how 'fast' this connection may become
    'Business Critical' even if there is no obvious business need.

            b. Do you have anyone knowledgeable in PIX configurations available
    to assist you programming and/or maintaining it?

    I could go on but these are the type of questions you will need to ask
    yourself to decide what level of Support you will need. In addition some of
    the Support offers may be more cost effective from your local Cisco Partner
    on a "Time & Material" basis.

    Sanford Reed
    Reed & Associates

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Vahid
    Pazirandeh
    Sent: Thursday, October 27, 2005 6:21 PM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Upgrading PIX software

    Hey All,

    Quick questions here. I'm planning to buy PIX-515E-R-DMZ-BUN (which comes
    with 32MB RAM). I also want to use PIX OS v7.x. I read that I'll need 64MB
    of RAM to support 7.x, in "Minimum Memory Requirements":

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_up
    gd/pixupgrd.htm#wp1032446

    So I'll also buy PIX-515-MEM-32.

    1. Will purchasing PIX-515E-R-DMZ-BUN and PIX-515-MEM-32 be enough to get
    PIX OS 7.x going? The image is freely downloadable from cisco.com, right?

    2. What kind of software upgrade limitations should I expect in the future?
    How is it determined if I can upgrade to 8.x, 9.x, etc? Is it free?

    3. Can I always count on free security patches, or is there a license I
    need?

    Kind regards,
    Vahid

    =============================================
     "Make it better before you make it faster."
    =============================================

            
                    
    __________________________________
    Yahoo! Mail - PC Magazine Editors' Choice 2005
    http://mail.yahoo.com
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Matthew Davis: "[fw-wiz] Question about setting up PIX firewall"

    Relevant Pages

    • Re: Linux future at the desktop
      ... >> require an activation key. ... but we don't support that software anymore. ... You may need another Terabyte of RAM to handle the 3D rendered GUI ... > and no-one would ever need to upgrade again. ...
      (alt.os.linux.suse)
    • Re: How do I upgrade the IOS on a Cisco Pix firewall from 4.4 to 6.3?
      ... my boss put one on my desk and asked me to upgrade it to 6.35. ... PIX Classic: cannot be done -- does not run PIX 6.x software ... It is thus not acceptable to Cisco to upgrade it now ... to PIX 6.3 under the terms of any support contract. ...
      (comp.security.firewalls)
    • Re: WINDOWS 98, WINDOWS ME, AND EBAY PIC HOSTING...NO MORE!!!
      ... I used to use an old Celeron 500 until last year, and I know that it wouldn't have taken more than 256MB RAM. ... Why should a person be FORCED to buy a new system or upgrade just to use eBay? ... While I don't rush out to upgrade like a lot of people do, I don't think it's unreasonable to drop support for something more than a decade old, that's well beyond the expected lifespan of a PC. ... On a related note, the last time I took some broken monitors to a recycle event, there was a pile probably 10'x10' and 5' high of computers being scrapped. ...
      (rec.games.video.arcade.collecting)
    • Re: Upgrading PC, should I use a 32-bit or 64-bit kernel?
      ... I'm getting an Athlon X2 6000+ ... with 4 GB of RAM, but I'm not sure if a 32-bit kernel can support 4 GB ... I stick with my 32-bit one right now, or upgrade to 64-bit? ...
      (comp.os.linux.misc)
    • Re: PIX 6.3(1) to 7 version
      ... You should upgrade all of those. ... If you have a support ... When you buy the new PIX 515, you'll get a CD with current firmware ...
      (comp.dcom.sys.cisco)