Software Licensing and Upgrades
In adjustment to accept a adjustable product, the PIX uses software licensing to accredit or
disable appearance aural the PIX OS.Although the accouterments is accepted to all
platforms (except that assertive licenses can address with added anamnesis or hardware
accelerators) and the software is common, appearance alter depending on the
activation key.
The activation key allows you to advancement appearance after accepting new
software, although the action is similar.The activation key is computed by Cisco
depending on what you accept ordered and your consecutive number, so it’s altered for
www.syngress.com
Figure 2.7 Sample Achievement from Cossack Sequence
66 Chapter 2 • Introduction to PIX Firewalls
each allotment of PIX accouterments you own.The consecutive cardinal is based on the flash, so
if you alter the flash, you accept to alter the activation key.
The activation key enables feature-specific advice such as interfaces,
high availability, and blazon of encryption. Added specific advice is begin in
the area on licensing.
To get advice about the activation key, use the appearance adaptation command.
The command provides advice about the cipher version, accouterments information,
and activation key information. Alternately, the command appearance activation-key
provides article like this:
Serial Number: 480090153 (0x1c9d9829)
Running Activation Key: 0x75fe7c49 0xc08b4082 0x08979930 0xe4b4c4b0
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
The beam activation key is the aforementioned as the active key.
This apparatus is a PIX 515 and has an complete license, with the maximum
number of interfaces permitted, including failover.
Updating the activation key in adaptation 6.2 of the PIX OS couldn’t be simpler.
The command activation-key
new value. Note that activation four-tuples are in hexadecimal, are case insensitive,
and don’t crave you to alpha the numbers with 0x.Thus the previously
mentioned apparatus could be set with:
PIX1(config)# activation-key 75fe7c49 c08b4082 08979930 e4b4c4b0
Updating the activation keys in above-mentioned versions is not abundant added complicated.
Power-cycle the PIX, and accelerate an Esc or Break to access adviser mode.This will
present you with a prompt:
monitor>
www.syngress.com
Introduction to PIX Firewalls • Chapter 2 67
Type a ? to see the options. Sample achievement is listed here:
Use ? for help.
monitor> ?
? this advice message
address [addr] set IP address
file [name] set cossack book name
gateway [addr] set IP gateway
help this advice message
interface [num] baddest TFTP interface
ping
reload arrest and reload system
server [addr] set server IP address
tftp TFTP download
timeout TFTP timeout
trace toggle packet tracing
It would be a acceptable abstraction to advancement your software at this time, but in any
event, the PIX will ask you if you appetite to amend your activation key at the end
of the TFTP process.