04-08-2010 02:04 AM - edited 03-09-2019 10:54 PM
I recently upgraded our PIX515 firewall from Version 7.2.2 to 7.2.4 and I wanted to verify the MD5 hash for the downloaded IOS. However the hash generated on the PIX using the verify command does not match the hash published on the cisco download website. Published hash is f2f6b88ea1b4a0b33045b3b18d0fb852, generated hash is fdcd.... . I checked the 7.2.2 MD5 on a firewall I haven't upgraded yet and that doesn't match either. Am I missing something ?
Solved! Go to Solution.
04-08-2010 03:21 AM
OK, so you downloaded an interim release - 7.2.4(30), instead of the main release of 7.2.4.
The checksum for 7.2.4(30) is correct and matches what you advised earlier: fdcd3a9d884baf0ec0aad78048f0e441
You can check it out from here:
Hope that clarifies the confusion.
04-08-2010 02:22 AM
Make sure that you have downloaded the complete file from cisco.com, and also uploaded the complete image file to the PIX firewall.
Double check if the file size is the same, according to cisco.com download site, PIX 7.2.4 is 8515584 bytes.
04-08-2010 02:36 AM
The size reported on the device is 8589312 and the file is listed as pix724-30.bin rather than image.bin (as previously when 7.2.2 was loaded - this was upgrade from version 6). I loaded it using putty pscp. On reload the firewall comes up with the new IOS and appears to work OK. Hmmmmmm???
04-08-2010 03:21 AM
OK, so you downloaded an interim release - 7.2.4(30), instead of the main release of 7.2.4.
The checksum for 7.2.4(30) is correct and matches what you advised earlier: fdcd3a9d884baf0ec0aad78048f0e441
You can check it out from here:
Hope that clarifies the confusion.
04-08-2010 03:28 AM
Many thanks for your help, I just realised the same - the IOS was upgraded on the back of a security vulnerability (http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml) which recommended 7.2.4(30) and contained a link to a place to download it from. This version doesn't appear to be available via the cisco.com - support - security - download IOS etc route.
Our patch documentation was put together, mistakenly, using the the checksum taken from the cisco.com support page for version 7.2.4
Again many thanks for your help.
Francis
04-08-2010 03:50 AM
I just found the interim release page ... and I noticed the caveat on interim releases
"Important: These images were not fully regression tested. Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality. Keep this testing status in mind if you decide to run them in a production environment. We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available."
We plan to run this in a production environment. Couple of questions, would you recommend this and do you know when a fully tested Maintenance or Feature releasewill be made available.
Thanks
Francis
04-08-2010 03:58 AM
Should not be a problem as it is recommended due to the vulnerabilities.
Or, you can wait for 7.2.5 which should be out in a couple of months.
08-27-2010 03:33 AM
Any news on the 7.2.5 release?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide