Software Upgrade and Downgrade Issues

Software Upgrade and Downgrade Issues

Before proceeding with the upgrade to PIX Firewall Version 7.x, it's important to understand the minimum requirements in terms of hardware, software and the memory. Also it's important to understand different types of releases, which are as follows:

  • Major Feature Releases Major feature releases contain, of course, all the new major features. Typically these releases are not frequent. PIX Firewall Versions 6.0(1), 6.1(1), 6.2(1), 6.3(1), and 7.0(1) are examples of major releases.

  • Maintenance Releases Maintenance releases introduce minor features of PIX Firewall. PIX Versions 6.0(2), 6.0(3), and 6.0(4) are examples of maintenance releases. Also, bugs are fixed in maintenance releases, which are published on the Cisco web site more frequently than the major releases. In addition, the maintenance release features are combined to form the next major release.

  • Interim Releases Interim releases are for bug fixes. All the interim releases, along with additional new minor features, are combined to form the next maintenance release. Examples of interim releases are 6.0(2.100), 6.0(2.101), and 6.0(2.122).

Once you become comfortable with the release process, quickly go through the following list to understand the minimum hardware, software, memory, and flash requirement:

  • Minimum hardware Requirements PIX Version 7.0 software can be upgraded on PIX 515/515E, PIX 525, and PIX 535 platforms. This version is not currently supported on PIX 501 or PIX 506/506E platforms.

  • Minimum software Requirements You must be running Version 6.2 or later to upgrade to PIX Version 7.0. So, if you are running a PIX version earlier than 6.2, you must first upgrade to PIX Version 6.2 or PIX Version 6.3 before you can proceed with the upgrade.

  • Minimum Memory Requirements To upgrade the PIX 515 or PIX 515E, you need to upgrade the memory before performing an upgrade. The PIX 515 and PIX 515E memory upgrades do not require a BIOS update. The minimum flash memory requirement is 16 MB. The memory requirement is based on the types of licenses you have on the PIX as shown in Table 3-8.

    Table 3-8. Memory Requirements Based On License on PIX 515 and PIX 515E

    Restricted License

    Unrestricted License

    64 MBAdd an additional 32 MB module to your current 32 MB

    128 MBRemove your two 32 MB modules and install a single 128 MB module


    Note

    For PIX 515 and PIX 535 platforms that use 8 MB of Flash memory on versions earlier than PIX Version 7.0, the Flash size automatically expands to 16 MB when upgrading to PIX Version 7.0, which is sufficient for PIX Version 7.0 operation. However, you need to perform the upgrade from ROM Monitor mode.


  • Minimum connectivity requirements The minimum connectivity requirements to perform an upgrade to PIX Version 7.0 are:

    - A PC that is connected to any network port of the PIX and is running TFTP software. (Your PC can be connected to the PIX using a switch or a crossover cable).

    - A console connectivity program to talk to the PIX (HyperTerminal or another Terminal Emulation program, DB-9 connector, and rollover cable).

Depending on the platform, you can upgrade the PIX firewall in one of the two following ways:

Standard Upgrade Procedure

You can a use standard upgrade procedure for any model of PIX other than PIX 515 (not PIX 515E), and PIX 535 to upgrade the PIX from 6.x to 7.x.

1.
Ensure the IP connectivity between the PIX and the TFTP server with the ping command:

PIX# ping 20.1.1.100

Replace 192.168.2.200 with your TFTP server IP address.

2.
Save the current configuration with the write net command to the TFTP server.

PIX# write net 20.1.1.100:pix63config.txt

3.
Copy the PIX Firewall binary image (for example, pix702.bin) to the root directory of the TFTP server.



4.
Execute the following command to initiate the upgrade process:

PIX# copy tftp flash:image

5.
Enter the IP Address of the TFTP server at the following prompt:

Address or name of remote host [0.0.0.0]? 

6.
Enter the name of the file on the TFTP server that you wish to load. This will be the PIX binary image file name.

Source file name [cdisk]? 

7.
Type yes when prompted to start the TFTP copy.

copying tftp://172.18.173.123/pix701.bin to flash:image
[yes | no | again]? yes

The image will now be copied over from the TFTP server to Flash. You should see the following messages indicating that the transfer was successful, the old binary image in Flash is being erased, and the new image is written and installed.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Received 5124096 bytes
Erasing current image
Writing 5066808 bytes of image
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Image installed
PIX#

8.
Check and set the correct boot variable.

After copying the file to Flash, confirm the configuration boot command with the following command:

PIX# show running-config | grep boot
boot system flash:/pix701.bin
PIX#

If the boot system is pointing to the correct file, execute the write memory command to retain this configuration.

PIX# write memory

The correct <filename> is the name of the file on Flash that was copied from the TFTP server earlier. It should show something like boot system flash:/.

9.
If boot system file is set up incorrectly, remove and set this up in the configuration mode:

PIX# configure terminal
PIX(config)# no boot system flash:pix701.bin
PIX(config)# boot system flash:pix.702.bin
PIX(config)# exit
PIX# write memory



10.
Reload PIX Firewall to boot the new image.

PIX# reload
Proceed with reload? [confirm]


Rebooting....

The PIX will now boot the 7.0 image.