[rescue] Cisco PIX 506 questions
phil at tux.obix.com
Tue Jul 3 16:57:29 CDT 2007
Chad McAuley wrote:
> What options do I have for getting upgraded firmware? I'm assuming
> it's the usual SmartNet/CCO deal like any other piece of Cisco
> equipment, but given that the PIX 506 was EOLed in 2002 and even the
> hardware support expired in May of this year would it even be
> possible to get a smartnet contract for this?
Good luck, there are only 2 ways to get a firmware upgrade; obviously
one of those is a SmartNet, and to say Cisco is anal about SmartNets is
putting it lightly, especially when the device in question is EOL'd
*and* the smartnet has expired.
BTW the only organization who can get a SmartNet on it is $WORK, and due
to the fact that a) PIX 506s are EOL'd and b) the smartnet was allowed
to expire it may not be possible for anyone to ever again get a SmartNet
for it, period.
The other way would be $WORK, if they have a CCIE or three on hand they
should have the access to download the firmware anyways. Or was that a
CCNA or three? I forget.
Or as Bill says, buddy up with someone who has the requisite CCO access ;)
> 2) Assuming I can get a firmware upgrade for this one way or another,
> anything I should keep in mind using it in place of a consumer
> router/firewall? Obviously the initial configuration will be
> different from what I'm used to with consumer stuff, but from what I
> can tell it should have all the functionality I need/want and then
> some. I'm more wondering if there's any unresolved glitches/bugs in
> the firmware I should be aware of or anything like that.
To say PIXes are non-intuitive is putting it lightly.
A good place to start is this (link may be line wrapped):
Based on my limited experience with Finesse 7.x (Finesse is the official
name of the PIX software, most people call it IOS which is very
different) it is a lot easier than it used to be. Not that 7.x would run
on a 506 ;)
Personally I think a 26[11|21] w/ the firewall feature set is a lot
easier to set up. It won't have the performance levels of a PIX though.
Finesse is generally pretty well debugged and extremely reliable; that
goes doubly for something as old as 6.3. You have a better chance of
hitting not-yet resolved issues with 7.x.
phil at tux.obix.com
More information about the rescue