Pix Firewall

[Resix]

I've got an old Pix firewall lying around at home,

any posibilities of flashing it with new OS or something?

I want to set up a firewall anyways for a DMZ,

think the PIX will do a fine job there,

but maybe there's more stuff or better homebrew software for it.

If anyone's got any info pls share. Thx

[decepticon_eazy_e]

I've got an old Pix firewall lying around at home,

any posibilities of flashing it with new OS or something?

I want to set up a firewall anyways for a DMZ,

think the PIX will do a fine job there,

but maybe there's more stuff or better homebrew software for it.

If anyone's got any info pls share. Thx

Tell me the model number and I'll tell you what you can do with it.

[Resix]

It'S a Cisco PIX-515

;)

[decepticon_eazy_e]

It'S a Cisco PIX-515

;)

Ok, now the license option is the important part. If it's a 515E you can get more ram and thus more features going. If it's an unrestricted license, you can get more interfaces (vlan subinterfaces) going on them as well as failover to another 515. If it's the restricted, you have a limit on interfaces and ram. If it's the failover license, you can't do anything with it unless it gets connected to another 515 with an unrestricted license.

"Show version" will show the license, and ram/flash amounts. Post it here if you can't decipher it.

That's a pretty good model, it probably doesn't have the VAC+ card. That should occupy a PCI slot and is for offloading the encryption process from the CPU. The 515E comes with it standard, the 515 gets it as an option.

Good news is you can still run the latest PIX OS on there assuming you have enough flash and ram. If you load the ASDM module on there you will have a pretty simple and full featured GUI to configure it with.

There is NO homebrew options for this, Cisco would kick down the door of anyone writing software for their hardware. But honestly it will do anything you could possibly think of.

[Resix]

Thanks for your Helpful info!

Do you know is there any possibility to reset the machine to default values?

Currently it has some unknown configurations on it, tried finding the adress with nmap but couldn't find anything.

Maybe there's a switch inside the box?

the documentation only shows the possibility via the serial bus,

and the adapter and cable was not in the box. -.-''

Thx again for your answer!

[digip]

erase the startup config and reload the device should put you at square one with no configuration.

[Resix]

erase the startup config and reload the device should put you at square one with no configuration.

I don't think you read my post.

I can't get access to the machine, over the network.

It is configured in some way I don't know. It doesn't dhcp like it should in a standard way, and the adress it responds to is unknown.

[digip]

Then you need a rollover cable, serial port on your machine and hyperterm into the console port of the device to reset it. Upon booting the device, you will have to do a break sequence to put it into rommon mode(if its anything like a cisco router and switch) and then change the confreg value so you can boot and bypass any configs(on routers is usually 0x2142), then change the password, or delete any startup configs all together and then change the confreg value back(usually 0x2102), reboot and login should be a blank password, so you will have full access and can set how you want. I never worked on a PIX, so I am assuming its similar to Cisco's router setups and has a console port on the back. If no console port, you might need a crossover cable to the default ethernet port on the device from your pc's nic card. (a google is in order...)

-edit-

After a little research, it looks like it is only partly similar to a router, but requires a password recovey utility on top of the break sequence and recovery mode:

http://www.cisco.com/en/US/products/hw/vpn...08009478b.shtml

[barry99705]

Then you need a rollover cable, serial port on your machine and hyperterm into the console port of the device to reset it. Upon booting the device, you will have to do a break sequence to put it into rommon mode(if its anything like a cisco router and switch) and then change the confreg value so you can boot and bypass any configs(on routers is usually 0x2142), then change the password, or delete any startup configs all together and then change the confreg value back(usually 0x2102), reboot and login should be a blank password, so you will have full access and can set how you want. I never worked on a PIX, so I am assuming its similar to Cisco's router setups and has a console port on the back. If no console port, you might need a crossover cable to the default ethernet port on the device from your pc's nic card. (a google is in order...)

-edit-

After a little research, it looks like it is only partly similar to a router, but requires a password recovey utility on top of the break sequence and recovery mode:

http://www.cisco.com/en/US/products/hw/vpn...08009478b.shtml

http://www.tech-recipes.com/rx/639/cisco-p...-recoveryreset/