 idolclub
join:2003-12-24
1 edit | Cisco PIX OS 7.0
The new Cisco PIX OS 7.0 has many new features, including IM/P2P blocking, IPv6 Networking, QoS Services, Time-Based ACLs, Layer 2 Transparent Firewall... At the same time, the PDM has also been upgraded to v5.0. But the new PIX 7.0 & PDM 5.0 only support the PIX 515E or above, and need 16MB Flash & a minimum of 128MB RAM. My PIX 506E only has 8MB Flash, so it can't upgrade. Has anyone tested it?
»www.cisco.com/en/US/products/hw/···dex.html »www.cisco.com/en/US/products/hw/···ae1.html |
|
 kub326 Premium join:2004-02-10 Costa Mesa, CA | I'd like to know if it will run on a PIX 520. I know that the 520 has been EOL'd, but it does meet the memory requirements. |
|
 bsddaemon
join:2001-12-22 Dayton, OH | reply to idolclub It is not released yet to be tested |
|
  webnetwiz There's no place like 127.0.0.1 Premium join:2004-09-22 Van Nuys, CA | Pix 520 will not be supported. Neither will the 501, 506, 506E (506E will be supported a little later with a memory upgrade), 515. All other Pixes, 515E, 525 and 535 will be supported. |
|
  yaplej CCNA Premium join:2001-02-10 White City, OR
·Charter Pipeline
·Clearwire Wireless
| reply to idolclub Has anyone found the 128 memory upgrade for the PIX 515? I haven't found it for sale through CDW yet. I've got two that will need the memory. I'm hoping it's not so overpriced that I'll need to take out a small loan to purchase the memory. Why am I even hoping? This is Cisco equipment. Memory is always WAY overpriced.
Looks like 7.0 does have some really cool features. I really like the inclusion of active/active options. |
|
 idolclub
join:2003-12-24
| reply to webnetwiz
said by webnetwiz: Pix 520 will not be supported. Neither will the 501, 506, 506E (506E will be supported a little later with a memory upgrade), 515. All other Pixes, 515E, 525 and 535 will be supported.
PIX 506E only has 8MB flash; can PIX 7.0 be installed in 8MB flash? |
|
  webnetwiz There's no place like 127.0.0.1 Premium join:2004-09-22 Van Nuys, CA
| I'm going to assume that what would happen with 506E is that the OS will be zipped, or packaged if you will, and since you'll be required to upgrade memory, the OS will be extracted to RAM and will run from RAM. I believe that also may be the reason why 506E will be supported later than the overall release of 7.0 to customers. |
|
  Jugaad
join:2002-04-28 MARS!!
| reply to idolclub I didn't like the PIX OS 7. It turned the PIX into a router. None of the older commands work. PIX admins thinking of going to PIX OS 7 will have to unlearn all you have learned over the years and start fresh.
But, I guess with time I'll have to start liking the new OS. Change is inevitable. -- Not able to get online? Good!! Go out and meet friends  |
|
  tomkb Premium join:2000-11-15 Avon, OH clubs:
·RoadRunner Cable
| said by Jugaad: I didn't like the PIX OS 7. It turned the PIX into a router. None of the older commands work. PIX admins thinking of going to PIX OS 7 will have to unlearn all you have learned over the years and start fresh. But, I guess with time I'll have to start liking the new OS. Change is inevitable.
New skills keep the money rolling in. |
|
  yaplej CCNA Premium join:2001-02-10 White City, OR | reply to idolclub So consistency within Cisco product lines is a bad thing? |
|
 lestat99
join:2000-08-04 Piscataway, NJ | reply to Jugaad If you are having trouble with the CLI why don't you just use the GUI? The latest GUI is very user friendly and even has configuration "wizards" for setting up features such as VPN access. |
|
 idolclub
join:2003-12-24
| said by lestat99: If you are having trouble with the CLI why don't you just use the GUI? The latest GUI is very user friendly and even has configuration "wizards" for setting up features such as VPN access.
Can the new GUI (PDM 5.0) support port-range forwarding? In PIX 6.3, if I want to forward TCP ports 1400-1420 to one internal IP, I must write 20 ACLs. |
|
  yaplej CCNA Premium join:2001-02-10 White City, OR | reply to bsddaemon When is 7.0 due to be released anyway? |
|
  webnetwiz There's no place like 127.0.0.1 Premium join:2004-09-22 Van Nuys, CA
| Not to be mean or to put down others, but other than a VPN concentrator product line, which was obtained by Cisco when they ate up Altiga, every Cisco device is easier to configure via command line. In the Pix, my access list is 4 lines, and I'm hosting a server that runs a bunch of things. The reason that the access list is so short is because I use object groups. I did not find a way to do that through PDM, and it would've taken me way longer to do that than use command line's intuitive and never failing helper, the "?".
In regards to PIX OS turning more like the IOS, that is just inevitability. Cisco has moved past CatOS (which in my opinion is the greatest OS for switches, and I wish they'd keep it, but....) to Hybrid IOS (the one using vlan database command to configure Layer 2 portion), then to Native IOS, like they run on 6500s with Sup720s.
The goal is to eventually just have flavours for different devices, but the core set of commands to be the same, that way it's easier for Cisco to manage it and maintain it. |
|
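Added example, not part of any post in this thread: a PIX 6.3-style object-group configuration of the kind webnetwiz describes, including the TCP 1400-1420 range idolclub asked about. The group names, the ACL name `outside_in` and the address 192.0.2.10 are assumptions; only the access list is shown, not the static translations that port forwarding also needs.

```cisco
: Added example (PIX 6.3-style syntax). Group names, the ACL name and the
: 192.0.2.10 address are assumptions, not taken from the thread.

: Services published by one server, including a contiguous TCP port range
object-group service SRV_TCP tcp
  description TCP services published on the hosted server
  port-object eq www
  port-object eq https
  port-object eq smtp
  port-object range 1400 1420

: The server's outside (translated) address
object-group network SRV_HOSTS
  description Publicly reachable servers
  network-object host 192.0.2.10

: One access-list entry covers every host/port combination in both groups
access-list outside_in permit tcp any object-group SRV_HOSTS object-group SRV_TCP
access-list outside_in deny ip any any

: Bind the list to inbound traffic on the outside interface
access-group outside_in in interface outside
```

`show object-group` lists the members of each group, which keeps a short rule set like this easy to audit.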
  Jugaad
join:2002-04-28 MARS!!
| PIX CLI moving towards IOS sounds good to people who work mostly on IOS. But, for someone who works mostly on PIX, moving towards IOS is a big irritation. For years I looked at IOS and said thank god my PIX CLI is not like that.
But the majority of Cisco product users are IOS users and so PIX admins won't have a say here. Because the majority assumes that everyone loves IOS integration.
Regarding ASDM, it is an offshoot of the PDM. How many serious users used PDM to configure the PIX? It was mostly used for monitoring the PIX. But with the complicated IOS code introduced in PIX 7, there is no option other than to move towards GUI initially.
Yes, ASDM feels a lil better than the PDM, but it is a GUI and GUI would never be able to give a feeling of complete security, except for someone who uses stuff like ZoneAlarm or Check Point.
There is something beautiful about the PIX and its simple CLI that helps enforce security just like you want it. The OS 7's new complicated structure somehow takes away what I like the best about PIX.
So, I am doing some self hypnosis right now --- "....I like PIX OS 7...I like PIX OS 7...." -- Not able to get online? Good!! Go out and meet friends  |
|
 Batman0077
join:2005-03-22 | Hi, could someone please tell where abouts on the cisco website you found OS 7.0 for download. I do have a CCo login, or if you someone could email me the files. Thank you in advance |
|
  csbadboyz Csbadboyz Premium join:2003-11-14 Sanford, FL
| TechManDude said it all. Unfortunately, Cisco told me to stay away from the PDM, as it was buggy, and messed up my config. So I only use the PDM to monitor. CLI is easier to use after you get familiar with the structure. -- VoIP on FWD & Lingo |
|
  Jugaad
join:2002-04-28 MARS!!
| reply to Batman0077 
It's not released to the public yet. However, if you want it, then enroll as a beta tester and then maybe you'll get it. It should be out publicly in one or two months.
Word of advice... don't think of going to production with it when it's out. New releases have a lot of bugs. Best would be to wait it out for a few months and let the software mature... -- Not able to get online? Good!! Go out and meet friends  |
|
 yash0
join:2005-05-10 Israel
| reply to Jugaad Re: Cisco PIX OS 7.0 on PIX 520??
I know that Cisco Docs say 520 will not be supported with 7.0. However, my 520 has 16MB Flash and 128MB RAM which seems to be enough by the specs.
I tried to upgrade using tftp, and the process starts OK but dies half-way through and complains that it doesn't have enough memory. Tried to do it from monitor mode (boot with floppy) with same results. So I'm wondering if maybe it CAN be made to work??
Unfortunately I have the PDM for 6.3 installed in the flash mem too (I never use it) and that eats up a few MB. It seems that there isn't enough flash left for the 5MB of pix7.0 to co-exist with 6.3 & pdm while the upgrade is in progress.
Questions:
1) does anyone know how to get rid of the PDM and free up the flash? We tried various things with the "flashfs" command, and with "downgrade" in monitor mode, but after a power cycle the flash seems to be restored. I don't mind erasing everything on this box, so feel free to suggest any aggressive idea that could help.
2) do you think that adding more flash memory will help (assuming I can get flash for this box)?
TIA, yash |
|
  Jugaad
join:2002-04-28 MARS!!
| 
One way to get rid of PDM is this:
Copy the PDM file to a TFTP server.
Issue copy tftp flash:pdm on the PIX.
The PIX will check and see that there is a valid PDM file on the TFTP server. It will say 'erasing current PDM file..'
It will now start pulling the PDM file from the TFTP server. Just shut down the TFTP server at this point or pull the ethernet cable (before the PDM download completes).
TFTP will now time out and the PIX will do 'erasing partial PDM file...'
Net result is that PDM is no more on the PIX.
Just reload the PIX once before you start your experiment  -- Not able to get online? Good!! Go out and meet friends  |
|