robinhoodis
join:2006-02-20
| reply to jma24
Re: Cisco PIX OS 7.0
how do you format the filesystem
I have tried
no flashfs
and
clear flashfs
after doing those commands I see the following, but I still see the filesystem restored after I reboot.
pixfirewall# clear flashfs
pixfirewall# show flashfs
flash file system: version:0 magic:0x0
file 0: origin: 0 length:0
file 1: origin: 0 length:0
file 2: origin: 0 length:0
file 3: origin: 0 length:0
file 4: origin: 0 length:0 |
|
justkidding
@pacbell.n
| reply to yaplej
Re: Cisco PIX OS 7.0 on PIX 520??
If we can change the HW ID for PIX 520 like below
Hardware: PIX-506E, 96 MB RAM, CPU Pentium II 300 MHz
^^^^^^^^^^^
(replace 520 to 515 or 525)
and I think FOS 7.0 could be run on PIX520
I am looking for a BIOS hack tool to change the HW ID |
|
jma24
@bulldogdsl.com
| reply to grunteled
Re: Cisco PIX OS 7.0
Hi,
I can't swear that it will work for you, because it's clearly *not* a supported configuration, so proceed at your own risk!
However PIX 7.0 will easily fit into 8Mb flash (the image is 5Mb so you have about 2.5Mb spare). On this principle I decided to give it a go for a laugh on a PIX that someone gave me.
By this principle it should be able to run on any of the older PIXs that support a memory upgrade past 64Mb. Given that most PIX techs worth their salt won't touch a GUI, I wonder why Cisco are so adamant that it won't work.
Warnings over, this is how to do it in very general terms.
1) Boot your pix *on the console* and login
2) Back up the FS to tftp
3) Format the filesystem, delete all the files on it
4) Reboot to monitor mode
5) tftp boot the Pix from an image (6.3, 7.0, makes no odds)
6) copy tftp://server/pix701.bin flash:image
7) reload
8) request a new 3DES activation key from Cisco (free).
Regards,
John |
|
grunteled
Puffy And Prickly
Premium
join:2001-06-13
Kansas City, MO
clubs:
1 edit | reply to jma24
Does that mean you can get it on the 506? I have the older 506 platform but it seems to be the same device just not 10/100 and no USB.
Hardware: PIX-506, 256 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 8MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB |
|
jma24
@bulldogdsl.com
| reply to grunteled
Hi,
It is possible to run 7.0 on a Pix 506E. You can't however install ADSM, only the CLI.
My account manager at Cisco tells me that they are planning on doing a compressed image with a bootloader that should fit both PIX 7 and ADSM into 8Mb. Since together they are only ~10Mb that sounds feasible.
The Pix 506E is of course not flash upgradeable (not unless you're a dab hand with surface mount soldering at least).
Regards,
John |
|
Jugaad
join:2002-04-28
MARS!!
| reply to Jugaad
Reminds me of a saying >>
"Get ready to change....or get replaced"
Hehe..best of luck to u all
--
Not able to get online? Good!! Go out and meet friends  |
|
Jugaad
join:2002-04-28
MARS!!
| reply to grunteled
Everyone hates it when there are changes. I hated it too when PIX 7.0 came out. But, when I started working on it I starting liking it...n now I love it...
There is so much more I can do with it. And I have started liking the IOS like CLI too...Much easier to work with...Tabbed input etc...
I would suggest people to take the plunge into 7.x in near future... You won't regret it...But like all cutting edge stuff it needs to mature and smoothen out the bugs...as a thumb rule I deploy new line of code after atleast 6 months of it being out...enough time for people to find bugs and report to the manufacturer...
--
Not able to get online? Good!! Go out and meet friends |
|
grunteled
Puffy And Prickly
Premium
join:2001-06-13
Kansas City, MO
clubs:
| reply to Jugaad
said by Jugaad  :PIX CLI moving towards IOS sounds good to people who work mostly on IOS. But, for someone who works mostly on PIX, moving towards IOS is a big irritation. For years I looked at IOS and said thank god my PIX CLI is not like that. It definitely is a router vs pix guy thing. I came from routers and got a PIX forced on me several years ago. Since then I've taken over the rest of them. While the commands were in places similar, I always felt a little out of place. I hate the 6.x command line help... especially on complex commands. I bang the tab key constantly to no avail on the PIX. I also hate the forced NAT and NAT exclusion between security levels on the interfaces. It complicates the config greatly where numerous interfaces are involved.
7.X is a whole new affair. I'm a little apprehensive because it is very different than 6.X in it's commands and structure. That's going to mean more reading for me. However command help is much improved IMO. Tab completion is nice and the ability to remove the forced NAT is VERY welcome in my environment. Our lab firewall is on 7.0.1 and so far I like it. It will be some time before we take it into production on our main firewall pair.
I agree with you though to a point. I'd rather have better security than a kitchen-sink of router and firewall and IDS in one box. |
|
grunteled
Puffy And Prickly
Premium
join:2001-06-13
Kansas City, MO
clubs:
| reply to webnetwiz
said by webnetwiz :Pix 520 will not be supported. Neither will the 501, 506, 506E (506E will be supported a little later with a memory upgrade), 515. All other Pixes, 515E, 525 and 535 will be supported. So is the 506 going to be included when the 506E gets there? I have 256M on my 506 and I'd like to take it to 7.x if possible. If not 6.3 is pretty good too. I was pretty excited to finally be able to use VLANs on the 506. Pretty powerful firewall for my home use  |
|
yash0
join:2005-05-10
Israel
| reply to Jugaad
Re: Cisco PIX OS 7.0 on PIX 520??
good & bad news:
1) your trick worked like a charm. put a genuine pdm file
on tftp server, do "copy tftp", pull the network cable
mid-transfer, and reboot: pdm is history.
Very cool indeed!
2) after this there was enough flash mem available and
we were able to install the pix701 image and reboot.
3) but: after installing the image, it wouldn't boot :-(
it would start the boot sequence, and reset itself,
in an endless loop.
It seems that Cisco was serious about not supporting 7.0
on the 520...
Thanks anyway! |
|
yaplej
CCNA
Premium
join:2001-02-10
White City, OR
 ·Charter Pipeline
| reply to Jugaad
So why the change in heart? Iv been running 7.0 on a pair of 515-UR's with 64MB of ram. I haven't tried anything extremely resource intensive because they are just in my lab, but 7.0 will run on a 515-UR with 64MB in case someone was wondering |
|
Jugaad
join:2002-04-28
MARS!! | reply to Jugaad
BTW
I love the new PIX OS 7 now. |
|
Jugaad
join:2002-04-28
MARS!!
| reply to yash0
1 way to get rid of PDM is this
copy PDM file to TFTP server
issue copy tftp flash:pdm on pix
PIX will check and see that there is a valid PDM file on TFTP server. it will say 'erasing current PDM file..'
It will now start pulling PDM file from TFTP server. Just shut down the TFTP server at this point or pull the ethernet cable (before the PDM download completes)
TFTP will now time out and PIX do 'erasing partial PDM file...'
Net result is that PDM is no more on the PIX.
Just reload the PIX once before you start your experiment
--
Not able to get online? Good!! Go out and meet friends |
|
yash0
join:2005-05-10
Israel
| reply to Jugaad
I know that Cisco Docs say 520 will not
be supported with 7.0. However, my 520
has 16MB Flash and 128MB RAM which seems
to be enough by the specs.
I tried to upgrade using tftp, and the process
starts OK but dies half-way through and complains
that it doesn't have enough memory. Tried to do it
from monitor mode (boot with floppy) with same results.
So I'm wondering if maybe it CAN be made to work??
Unfortunately I have the PDM for 6.3 installed in the
flash mem too (I never use it) and that eats up
a few MB. It seems that there isn't enough flash left for
the 5MB of pix7.0 to co-exist with 6.3 & pdm while
the upgrade is in progress.
Questions:
1) does anyone know how to get rid of the PDM and free
up the flash? We tried various things with the "flashfs"
command, and with "downgrade" in monitor mode, but
after a power cycle the flash seems to be restored.
I don't mind erasing everything on this box, so feel
free to suggest any aggressive idea that could help
2) do you think that adding more flash memory will help
(assuming I can get flash for this box)?
TIA,
yash |
|
Jugaad
join:2002-04-28
MARS!!
| reply to Batman0077
Re: Cisco PIX OS 7.0
It's not released for public yet. However, if you want it, then enroll as a beta tester then maybe you'll get it. It should be out publically in one or two months.
word of advice...don't think of going to production with it when it's out. new releases have a lot of bugs. Best would be to wait it out for a few months and let the software mature...
--
Not able to get online? Good!! Go out and meet friends |
|
csbadboyz
Csbadboyz
Premium
join:2003-11-14
Sanford, FL
| reply to Batman0077
TechManDude, said it all. Unfortunately Cisco, told me to stay away from the PDM, as it was buggy, and messed up my config. So I only us the PDM to monitor. CLI is easier to use after you get familiar with the structure.
--
VoIP on FWD & Lingo |
|
Batman0077
join:2005-03-22 | reply to Jugaad
Hi, could someone please tell where abouts on the cisco website you found OS 7.0 for download. I do have a CCo login, or if you someone could email me the files.
Thank you in advance |
|
Jugaad
join:2002-04-28
MARS!!
| reply to webnetwiz
PIX CLI moving towards IOS sounds good to people who work mostly on IOS. But, for someone who works mostly on PIX, moving towards IOS is a big irritation. For years I looked at IOS and said thank god my PIX CLI is not like that.
But, majority of Cisco products users are IOS users and so PIX admins won't have a say here. Because the majority assumes that everyone loves IOS integration.
Regarding ASDM, it is an offshoot of the PDM. How many serious users used PDM to configure the PIX? It was mostly used for monitoring the PIX. But with the complicated IOS code introduced in PIX 7, there is no option other than to move towards GUI initially.
Yes, ADSM feels a lil better than the PDM, but it is a GUI and GUI would never be able to give a feeling of complete security, except for someone who uses stuff like zone alarm or checkpoint.
There is something beautiful about the PIX and it's simple CLI that helps enforce security just like you want it. The OS 7's new complicated structure somehow takes away what I like the best about PIX.
So, I am doing some self hypnosis right now --- "....I like PIX OS 7...I like PIX OS 7...."
--
Not able to get online? Good!! Go out and meet friends |
|
webnetwiz
There's no place like 127.0.0.1
Premium
join:2004-09-22
Van Nuys, CA
| reply to yaplej
Not to be mean or to put down others, but other than a VPN concentrator product line, which was obtained by Cisco when they ate up Altiga, every Cisco device is easier to configure via command line. In the Pix, my access list is 4 lines, and I'm hosting a server that runs a bunch of things. The reason that the access list is so short is because I use object groups. I did not find a way to do that through PDM, and it would've taken me way longer to do that than use command line's intuitive and never failing helper, the "?".
In regards to PIX OS turning more like the IOS, that is just inevitability. Cisco has moved passed CatOS (which in my opinion is the greatest OS for switches, and I wish they'd keep it, but....) to Hybrid IOS (the one using vlan database command to configure Layer 2 portion), then to Native IOS, like they run on 6500s with Sup720s.
The Goal is to eventually just have flavours for different devices, but the core set of commands to be the same, that way it's easier for Cisco to manage it and maintain it. |
|
yaplej
CCNA
Premium
join:2001-02-10
White City, OR | reply to bsddaemon
When is 7.0 due to be released anyway? |
|
