Having installed and managed numerous PIX Devices I have that maximizing the
RAM from the start is the best practice. If you can afford it I strongly
suggest that you put the Maximum amount of RAM in from the start. Example:
Of 5 different PIX installations I had to go back at a later date and
upgrade the RAM on 4 due to OS upgrades. Granted these upgrades occurred
over a 2-year period but they still had to be done. In addition I have found
that the more RAM the better the PIX operated.

1 - As I stated above I suggest that you maximize the RAM. Yes the
additional 32 MB should allow you to run OS V7.0 however it may limit you on
future versions, even 'minor' V7.x 'patches'.

2 & 3 - You can only download software upgrades, patches, or Major version
upgrades if you purchase a Support Contract (SMARTnet) from Cisco via one of
their Partners. This will get you the logins needed to access the
appropriate sections of their web site. As to upgrade limitations as long as
you have the Support contract you are only limited by the hardware and
whether the 'new' software can be supported on that hardware. Some version
upgrades may require more RAM (which is why I recommend MAXing the RAM now)
or even a BIOS loader upgrade. I have found these readily available when

Two points on the SMARTnet Contracts:

1. The Contracts come in different levels of support: 8x5 NBD, 7x24 NBD, and
7x24 On-site (NBD - Next Business Day). I strongly suggest you investigate
each and decide for your self what is needed as the higher the level of
support the more it will cost you. Look here for some descriptions:


a. If the PIX is not a 'Business Critical' connection such that if
it failed and the connection would be 'off-line' for a few days (weekend
plus 1 to restore configuration) then maybe the 8x5 NBD would work.

Warning - you will be surprised how 'fast' this connection may become
'Business Critical' even if there is no obvious business need.

b. Do you have anyone knowledgeable in PIX configurations available
to assist you programming and/or maintaining it?

I could go on but these are the type of questions you will need to ask
yourself to decide what level of Support you will need. In addition some of
the Support offers may be more cost effective from your local Cisco Partner
on a "Time & Material" basis.

Sanford Reed
Reed & Associates

-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Vahid
Sent: Thursday, October 27, 2005 6:21 PM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Upgrading PIX software

Hey All,

Quick questions here. I'm planning to buy PIX-515E-R-DMZ-BUN (which comes
with 32MB RAM). I also want to use PIX OS v7.x. I read that I'll need 64MB
of RAM to support 7.x, in "Minimum Memory Requirements":


So I'll also buy PIX-515-MEM-32.

1. Will purchasing PIX-515E-R-DMZ-BUN and PIX-515-MEM-32 be enough to get
PIX OS 7.x going? The image is freely downloadable from cisco.com, right?

2. What kind of software upgrade limitations should I expect in the future?
How is it determined if I can upgrade to 8.x, 9.x, etc? Is it free?

3. Can I always count on free security patches, or is there a license I

Kind regards,

"Make it better before you make it faster."

Yahoo! Mail - PC Magazine Editors' Choice 2005
firewall-wizards mailing list

firewall-wizards mailing list