[c-nsp] Pix FOS

Jonathan Charles jonvoip at gmail.com
Tue Jan 2 17:39:34 EST 2007


I was upgrading an ASA from 7.0 to 7.2 and Cisco told me I had to go
to 7.1first...

I didn't believe him and went straight... and it failed.



Jonathan

On 1/2/07, Afsheen Bigdeli <afsheenb at gravityplaysfavorites.net> wrote:
>
> I've successfully upgraded from 6.3 to 7.2, for three different sets of
> firewalls, over the past 6 months. Yes, you can upgrade straight to 7.2.
>
> Firstly, you'll want this link handy:
>
>
> http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml
>
> Secondly, as is mentioned in that document, the jump to 7.x from 6.x is
> a big one. Your config will look _very_ different. Be aware specifically
> of the changes to how interfaces (both physical and logical) are
> represented, the implication of changes to the fixup command (i.e. where
> did fixup go, and what does inspect mean, and what traffic should you be
> inspecting?), and what commands have been deprecated by the 7.x train.
>
> As for recommendations, overall, yes, I'd recommend it. Admittedly,
> there are one or two interesting bugs - inspect http, for example, will
> take out even the PIX 535's with memory utilization problems if you're
> pushing more than a modest amount of http traffic through the firewall.
> (This is covered in CSCsd72617, I believe.) There are also plenty of
> things that make more sense aesthetically - at least to me - if you're
> already used to IOS syntax. That, combined with one or two necessary 7.x
> only commands (e.g. same-security-traffic permit intra-interface) made
> the jump well worth it.
>
> --afsheenb
>
>
> Voll, Scott wrote:
> > I'm currently running Pix FOS 6.3 but need to upgrade to at least 7.1.
> > I also see that 7.2 is out.
> >
> >
> >
> > Two Questions:
> >
> >
> >
> > I know I need to upgrade from 6.3 to 7.0 in order to upgrade to 7.1.....
> > What do I need to do to upgrade to 7.2?  Can I skip 7.1?
> >
> >
> >
> > Is anyone using 7.2?  if so, would you recommend it?
> >
> >
> >
> > Thanks
> >
> >
> >
> > Scott
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list