
Pix OS Upgrade

Status
Not open for further replies.

LoopyLoo

IS-IT--Management
Feb 5, 2003
82
CA
Guys,

It has been recommended that we upgrade our PIX firewalls from 5.1(2) to 5.1(4). Are there any issues associated with this? Any problems I should look out for? Should I consider going to the latest version of the PIX OS instead?

Any input would be greatly appreciated.

Loopy
 
Definitely consider going to 6.2(2) if you can. There are a number of security vulnerabilities with the PIX that have been addressed since 5.1(4).

For the most part, everything should work fine. Upgrade the PIX at night and do some testing. All the conduit and outbound commands still exist, even though they have been replaced by the access-list command.

You should consider using the access-lists over the conduits and outbounds if you haven't already. Access-lists are much faster. :)
 
I think I would stay away from 6.2(2), there are some really bad bugs in it, just go for 6.1(4) or 6.2(1) if you dare :)
 
I've been running 6.2(2) for three months now. Not one bug found. :)
 
I'm with baddos on this one, I have been running it for about 8 months (since it was introduced) and I haven't had any problems with it. I would recommend upgrading to this version and then once you are up and running take a copy of the config file and work on it with notepad and upgrade the conduits/outbound rules to access-lists. [smile]
 
I'd be curious to hear anyone's input on moving from 6.1(x) to 6.2(x) IF they are using multiple interfaces, site-to-site and client VPN, and failover. The failover stuff changes dramatically in 6.2 (no more serial cable, etc), and I'm not ready to leap like that in my environment!

 
In 6.2 you can use both the serial and the NIC method for failover. I have two 525 pixes and it's working great.

I did go w/ the ethernet failover though for the added benefits of the tcp connection failover.

-Bad Dos
 
We run 6.2 with serial failover and no problems. We jumped from 5.1 to 6.2 in one swoop. Not really the way we wanted to, but that's how it worked out.

MikeS
Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 