Time Estimate for PIX Operating System Upgrade.

Discussion in 'Cisco' started by darkmoo, Jul 21, 2006.

  1. darkmoo

    darkmoo Guest

    Haven't upgraded the firmware on a PIX firewall before, how long does it
    roughly take?
    darkmoo, Jul 21, 2006
    #1
    1. Advertising

  2. darkmoo

    Scotty Guest

    It depends on which version you are upgrading to and from.

    If you are jumping a major release then you need to watch for commands
    that get changed through the upgrade. Cisco has changed some commands.
    There is always a document on their site with these details.

    As for actual time to upgrade it is usually over within a matter of 5
    mins. Reload and your done.

    Another thing to watch out for is that you have enough memory on board
    to do the trick. Check the requirements.

    Scotty

    darkmoo wrote:
    > Haven't upgraded the firmware on a PIX firewall before, how long does it
    > roughly take?
    Scotty, Jul 21, 2006
    #2
    1. Advertising

  3. In article <>,
    Scotty <> top-posted:

    [Please do not top-post, Scotty. It is easier to follow conversations
    that are mid-posted.]

    >darkmoo wrote:
    >> Haven't upgraded the firmware on a PIX firewall before, how long does it
    >> roughly take?


    >It depends on which version you are upgrading to and from.


    >If you are jumping a major release then you need to watch for commands
    >that get changed through the upgrade. Cisco has changed some commands.
    >There is always a document on their site with these details.


    >As for actual time to upgrade it is usually over within a matter of 5
    >mins. Reload and your done.


    I agree. If you jump to a new edition (e.g., 5.x to 6.x, or 6.2 to 6.3),
    there is a -possibility- that one of the command changes will
    alter functionality that you depend on; if you haven't prepared for
    that in advance, it could leave you scrambling. Going to 7.x from 6.x
    in particular involves a -lot- of command rewriting, and the resulting
    configuration needs careful study before you rely on it.


    My usual upgrade cycle was to:

    1) tftp off a copy of the current [active] configuration; 2) compare
    that configuration to my master configuration in case -somehow- an
    unrecorded change to the master configuration had crept in; 3) if
    necessary, change the master configuration, generate a new target
    configuration (my master configurations were parameterized), load in
    the new command set, and cycle back to comparing the resulting active
    configuration to the master configuration.

    Eventually at some point I will have an active configuration and
    master configuration that agree. 5) *Then* I can start the upload
    of the new software to the PIX. 6) reboot the PIX; 7) copy the
    new active configuration off; 8) compare the active upgraded
    configuration to the previous and use it to create a new master
    configuration; 9) new master in hand, generate a new target configuration,
    load that in; 10) loop back to loading the now active configuration...
    until eventually the new master configuration generates the same
    configuration that the upgraded PIX is willing to hold.

    If I did not go through the pre-upgrade reconciliation then I wouldn't
    be sure which changes to the active configuration were due to the
    upgrade and which were lurking from previous sessions where one of
    the firewall admins had changed the active configuration but not
    recorded it in the master configuration.

    The actual software installation was almost always the fastest part
    of all of this: verifying the configurations can take a fair while
    (my master configurations were full of comments, which get stripped out
    by the PIX and so not there to be loaded back for the reconciliation
    cycle, so the active configuration is always missing a lot of lines
    relative to the master configuration; if one is not careful, one can
    easily overlook a missing command or two along the way.)
    Walter Roberson, Jul 21, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    654
    Martin Gallagher
    Dec 1, 2005
  2. Guest

    Give me your estimate...

    Guest, Apr 5, 2004, in forum: MCSE
    Replies:
    8
    Views:
    449
  3. Reactor

    Re: Estimate the call volume?

    Reactor, Aug 21, 2003, in forum: VOIP
    Replies:
    0
    Views:
    1,361
    Reactor
    Aug 21, 2003
  4. Giuen
    Replies:
    0
    Views:
    872
    Giuen
    Sep 12, 2008
  5. coderazor

    70-316 preparation time estimate

    coderazor, Dec 15, 2004, in forum: MCAD
    Replies:
    0
    Views:
    302
    coderazor
    Dec 15, 2004
Loading...

Share This Page