© 2000, Cisco Systems, Inc. CSPFF Chapter 4 Image Upgrade of the Cisco Secure PIX Firewall Software

© 2000, Cisco Systems, Inc. CSPFF Objectives Upon completion of this chapter, you will be able to perform the following tasks: Describe the PIX Firewall access modes. Describe and execute the basic PIX Firewall maintenance commands. Install and upgrade the PIX Firewall software image.

© 2000, Cisco Systems, Inc. CSPFF General Maintenance Commands

© 2000, Cisco Systems, Inc. CSPFF Access Modes The PIX Firewall has four administrative access modes: Unprivileged mode Privileged mode Configuration mode Monitor mode (PIX Firewall 515 only)

© 2000, Cisco Systems, Inc. CSPFF PIX Firewall Commands enable, enable password, and passwd write erase, write memory, and write term show interface, show ip address, show memory, show version, and show xlate exit and reload hostname, ping, and telnet

© 2000, Cisco Systems, Inc. CSPFF enable Command pixfirewall> enable password: pixfirewall# configure terminal pixfirewall(config)# pixfirewall(config)# exit pixfirewall# pixfirewall> enable password: pixfirewall# configure terminal pixfirewall(config)# pixfirewall(config)# exit pixfirewall# enable pixfirewall> Enables you to enter different access modes

© 2000, Cisco Systems, Inc. CSPFF enable password password passwd password pixfirewall# password Commands The enable password command is used to control access to the privileged mode. The passwd command is used to set a Telnet password. pixfirewall#

© 2000, Cisco Systems, Inc. CSPFF write Commands The following are the write commands: write net write erase write floppy write memory write standby write terminal

© 2000, Cisco Systems, Inc. CSPFF Telnet Commands telnet command telnet local_ip [network] pixfirewall(config)# kill telnet_id pixfirewall(config)# kill command who command who [ip] pixfirewall(config)#

© 2000, Cisco Systems, Inc. CSPFF Hostname and Ping Commands pixfirewall (config)# hostname proteus proteus(config)# hostname pixfirewall hostname command hostname newname pixfirewall(config)# pixfirewall(config)# ping inside response received -- 0Ms pixfirewall(config)# ping inside response received -- 0Ms ping command ping if_name ip_address pixfirewall(config)#

© 2000, Cisco Systems, Inc. CSPFF show? Show Commands The following are show commands: show history show memory show version show xlate

© 2000, Cisco Systems, Inc. CSPFF pixfirewall# show interface interface ethernet0 outside is up, line protocol is up hardware is i82557 ethernet, irq 10, address is f16 ip address , subnet mask MTU 1500 bytes, BW Kbit half duplex 0 packets input, 0 bytes, 0 no buffer received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 crc, 0 frame, 0 overrun, 0 ignored, 0 abort 1 packets output, 0 bytes, 0 underruns pixfirewall# show interface interface ethernet0 outside is up, line protocol is up hardware is i82557 ethernet, irq 10, address is f16 ip address , subnet mask MTU 1500 bytes, BW Kbit half duplex 0 packets input, 0 bytes, 0 no buffer received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 crc, 0 frame, 0 overrun, 0 ignored, 0 abort 1 packets output, 0 bytes, 0 underruns show interface Command

© 2000, Cisco Systems, Inc. CSPFF pixfirewall# show ip address Building configuration……. System IP Addresses: ip address outside ip address inside ip address dmz Current IP Addresses: ip address outside ip address inside ip address dmz pixfirewall# show ip address Building configuration……. System IP Addresses: ip address outside ip address inside ip address dmz Current IP Addresses: ip address outside ip address inside ip address dmz show address Command

© 2000, Cisco Systems, Inc. CSPFF Image Upgrade

© 2000, Cisco Systems, Inc. CSPFF PIX Firewall 515 Image Upgrade There are eight steps to upgrade the PIX Firewall image: Interrupt the boot process to enter monitor mode. Specify the PIX Firewall interface to use for tftp. Specify the PIX Firewall interfaces IP address. Specify the default gateway (if needed). Verify connectivity to server. Name the server. Name the image filename. Start the TFTP process.

© 2000, Cisco Systems, Inc. CSPFF Step 1: Step 2: Step 3: 4: PIX Firewall 520 Image Upgrade Download the following files from Cisco Connection Online: –pixXXX.bin, where XXX is the PIX Firewall image version number –bhXXX.bin, where XXX is the PIX Firewall image version number (version 5.1 and higher) –rawrite.exe Use rawrite to copy pixXXX.bin or bhXXX.bin to a floppy diskette. Boot the PIX Firewall from the floppy diskette. Follow the directions displayed.

© 2000, Cisco Systems, Inc. CSPFF Lab Exercise

© 2000, Cisco Systems, Inc. CSPFF Lab Visual Objective Inside host Web and FTP server Backbone server Web, FTP, and TFTP server Pod Perimeter Router PIX Firewall P.0/24.1 e1 inside P.0 /24 e0 outside.2 e2 dmz.1 Bastion host Web and ftp server P.0/24 Internet

© 2000, Cisco Systems, Inc. CSPFF Summary

© 2000, Cisco Systems, Inc. CSPFF Summary The PIX Firewall has four administrative access modes: unprivileged, privileged, configuration, and monitor. Using the PIX Firewall general maintenance commands helps you to manage the PIX Firewall. The commands include: enable, write, show, and reload. To upgrade your PIX Firewall to the most current version of software for the PIX Firewall 515, use TFTP. For the PIX Firewall 520, use a floppy diskette.

© 2000, Cisco Systems, Inc. CSPFF Review Questions

© 2000, Cisco Systems, Inc. CSPFF Review Questions Q1) How many access modes does the PIX Firewall have and what are they? Q2) By default, what is the password for the enable command? Q3) What command is used to store configuration to Flash memory? Q4) Which command displays current configuration in the PIX Firewall? Q5) True or False: The hostname command changes the hostname label on the prompts.