[rescue] Cisco PIX 506 questions

Phil Brutsche phil at tux.obix.com
Tue Jul 3 16:57:29 CDT 2007 

Chad McAuley wrote:
> What options do I have for getting upgraded firmware?  I'm assuming 
> it's the usual SmartNet/CCO deal like any other piece of Cisco 
> equipment, but given that the PIX 506 was EOLed in 2002 and even the
> hardware support expired in May of this year would it even be 
> possible to get a smartnet contract for this?

Good luck, there are only 2 ways to get a firmware upgrade; obviously
one of those is a SmartNet, and to say Cisco is anal about SmartNets is
putting it lightly, especially when the device in question is EOL'd
*and* the smartnet has expired.

BTW the only organization who can get a SmartNet on it is $WORK, and due
to the fact that a) PIX 506s are EOL'd and b) the smartnet was allowed
to expire it may not be possible for anyone to ever again get a SmartNet
for it, period.

The other way would be $WORK, if they have a CCIE or three on hand they
should have the access to download the firmware anyways. Or was that a
CCNA or three? I forget.

Or as Bill says, buddy up with someone who has the requisite CCO access ;)

> 2) Assuming I can get a firmware upgrade for this one way or another,
> anything I should keep in mind using it in place of a consumer 
> router/firewall?  Obviously the initial configuration will be 
> different from what I'm used to with consumer stuff, but from what I 
> can tell it should have all the functionality I need/want and then 
> some.  I'm more wondering if there's any unresolved glitches/bugs in 
> the firmware I should be aware of or anything like that.

To say PIXes are non-intuitive is putting it lightly.

A good place to start is this (link may be line wrapped):
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html

Based on my limited experience with Finesse 7.x (Finesse is the official
name of the PIX software, most people call it IOS which is very
different) it is a lot easier than it used to be. Not that 7.x would run
on a 506 ;)

Personally I think a 26[11|21] w/ the firewall feature set is a lot
easier to set up. It won't have the performance levels of a PIX though.

Finesse is generally pretty well debugged and extremely reliable; that
goes doubly for something as old as 6.3. You have a better chance of
hitting not-yet resolved issues with 7.x.

-- 

Phil Brutsche
phil at tux.obix.com

More information about the rescue mailing list