Upgrading the Operating System Using the copy tftp
flash Command
Step 1 Download the binary software image file pixnnx.bin, where nn is the
version number and x is the release number (which you can find at
Cisco.com in the document “Cisco PIX Firewall Upgrading Feature
Licenses and System Software”). Place the image file in the root of your
Trivial File Transfer Protocol (TFTP) server.
Step 2 Enter the copy tftp flash command.
Step 3 Enter the Internet Protocol (IP) address of the TFTP server.
Step 4 Enter the source filename (the image file you downloaded—*.bin).
Step 5 Enter Yes to continue.
Example 4-3 shows a sample upgrade.
Upgrading the Operating System Using Monitor Mode
If you are upgrading your Cisco PIX Firewall from version 5.0.x or earlier to version 5.1.x
or later, you will need to use the boothelper or monitor mode method for the upgrade
because before version 5.1, the PIX Firewall software did not provide a way to TFTP an
image directly into Flash. Starting with PIX Firewall software version 5.1, the copy tftp flash
command was introduced to copy a new image directly into the PIX Firewall’s Flash.
The following steps describe how to upgrade the PIX Firewall using monitor mode:
Step 1 Download the binary software image file pixnnx.bin, where nn is the
version number and x is the release number (which you can find at
Cisco.com in the document “Cisco PIX Firewall Upgrading Feature
Licenses and System Software”). Place the image file in the root of your
TFTP server.
Step 2 Reload the PIX Firewall, and press the Esc key (or enter a BREAK
character) to enter monitor mode. For PIX devices running version 5.0
and earlier, a boothelper disk is required. (See the section “Creating a
Boothelper Disk Using a Windows PC,” later in this chapter.)
Step 3 Use the interface command to specify out of which PIX Firewall
interface the TFTP server is connected. The default is interface 1
(inside). The Cisco PIX Firewall cannot initialize a Gigabit Ethernet
interface from monitor or boothelper mode. Use a Fast Ethernet or
Token Ring interface instead.
Step 4 Use the address command followed by an IP address to specify the PIX
Firewall interface IP address.
Step 5 Use the server command followed by an IP address to specify the TFTP
server’s IP address.
Step 6 Use the file command followed by the filename of the image on the
TFTP server to specify the filename of the Cisco PIX Firewall image.
Step 7 Use the ping command followed by the IP address of the TFTP server
to verify connectivity. (This is an optional, but recommended,
command to test connectivity.)
Step 8 If needed, enter the gateway command to specify the IP address of a
router gateway through which the server is accessible. (This is also an
optional command.)
Step 9 Enter tftp to start downloading the image from the TFTP server.
Step 10 After the image downloads, you are prompted to install the new image.
Enter y to install the image to Flash.
Step 11 When prompted to enter a new activation key, enter y if you want to
enter a new activation key or n to keep your existing activation key.