Upgrading the Cisco PIX 506E


[Albert] read the Cisco PIX Wiki, and discovered that the motherboard of the PIX 506E is the same as the PIX 525, which has a 600Mhz Coppermine Pentium III CPU. So he took his Cisco PIX 506E and upgraded it by swapping out the Celeron 300Mhz, with a Pentium III 600Mhz and populating the second PC100 RAM slot inside. The system only shows 448Mhz instead of 600Mhz, but it does recognize the PIII, and there are no problems.  The CPU load has dropped to 0% after the CPU swap, and RAM upgrade.

Comments

  1. BigD145 says:

    Is it really being underclocked and how much cooler does it run?

  2. STrRedWolf says:

    Why upgrade that thing? Cisco’s got it at end-of-life. Astaro’s got a deal for Cisco PIX systems now, from what I hear off of TWiT’s Security Now podcast.

  3. error404 says:

    Sounds to me like it’s running underclocked. The existence of PC-100 SDRAM points to a 100MHz FSB. There was a PIII-600 that ran on a 100MHz bus, and that was probably the one used in the ‘525.

    448 ~= 600 x (100/133).

  4. Circs says:

    Why spend the money on a whole new piece of network equipment when you can find p3’s for about 5 dollars or even free?

    It sounds mysteriously like a fsb issue causing the 448mhz, but the extra cache and nearly 50% clock speed improvement are pretty nice for a 5 dollar upgrade.

  5. miked says:

    i did something similar with our Barricuda spam firewall when it was slow. the hardware turned out to be just a regular pc. increassed the ram from 256mb to 1gb. it is much faster now and we don’t need upgrade to a bigger box.

  6. Albert says:

    I hacked the box because:
    1) I can
    2) For < $5 to double the speed of a piece of equipment I already paid for is super cheap.
    3) Hacking has nothing to do with need.
    4) It was an easier hack than most of my Ikea furniture hacks.

    The next item up will be trying to put OS 8.x.x onto it. I might need a ram upgrade though..

  7. do any of the pix run on 133mhz busses?

  8. jj says:

    I’ve done some PIX-506e hacking too. PIX-506e isn’t actually even close to PIX-525. PIX-506e is same thing as PIX-515e but onboard flash is 8MB instead of 16MB and funky PCI bus expansion connector is left away. On PIX-515e there’s riser with two PCI slots for additional network interfaces connected to it. Final and one of most important difference is hidden inside onboard BIOS (separate chip from flash) that contains string “PIX-506E” as model instead of “PIX-515E”.

    First I replaced CPU with 1GHz P3 (133 FSB). Since PIX supports only 100MHz FSB I got 750MHz. This is actually good thing as board supplies too high voltage for CPU and reduced speed helps to keep it cooler. That box isn’t that well ventilated after all.

    Next I took two 256MB PC133 DIMM’s from same PC as that CPU came from for total 512MB RAM.

    If you’re happy with CLI and don’t need to manage your PIX with PDM you can run newer PIXOS than 6.3 series. However, at some point during 7.x Cisco introduced more or less intentional bug in firmware preventing it from booting on PIX-506e.

    I have successfully run PIXOS 8.0(2) on PIX-506e. You need to either reprogram onboard BIOS or hack PIXOS itself. Since I didn’t have programmer handy and BIOS is surface mounted I ended up unpacking PIXOS image and simply swapping PIX-506E and PIX-515E strings on model detection code. I also had to patch several CRC checks but after that it boots just fine. As extra benefit you also get PIX-515E license ie. more interfaces (using VLANs of course). There’s total six CRC checks on this firmware in various stages (check for image validity on boot, during flash programming, after lzma decompressor etc). You’ll also need to do trick of going back and forth between PIXOS 6 and 8 once to force PIXOS Loader Helper update as that contains CRC checks too. It would probably have been easier to just find out how those CRC’s are calculated as it took a while to track down all of them.

    Faking other models using same trick won’t work as most of them are blacklisted on newer PIXOS releases and just produce error about unsupported platform. Ones not blacklisted are too different from PIX-506e/515e causing most entertaining crashes. Patching individual calls to functions to gain new features like those present on ASA but disabled on PIX images is also possible as all required code is present, just hidden by firmware checks. I think there was like 1000 places were model number is checked during operation so it might be better idea to simply buy ASA5505 instead. :)

    I tried to find suitable flash chip to replace onboard 8MB with 16MB to get PDM in, but not much luck. Motherboard has IDE interface too that could be used for CF card, but to use that you’ll need to trick PIXOS model detection to think it’s running on FWSM. Since FWSM is different beast you get other problems too so it’s not worth the trouble. FWSM because that (and ASAs) are only platforms PIX/ASA OS runs that use IDE bus connected CompactFlash instead of ISA bus connected flash chips. Yes, even while there’s no ISA bus visible on later PIX models it’s there embedded onboard with Altera CPLD controlling show like it was on very first PIX models decade ago.

    BTW, onboard BIOS chip is flash programmable. There’s no official boot block update available for PIX-506e/515e but for some older models there is. Since PIX-506e/515e is just more integrated version of old Intel ATX Pentium based models it might be possible to observe from that updater how to reprogram bootblock. As system type string and serial number are stored in same bootblock it should be possible to replace model string with PIX-515E to get PIXOS 8.0 series running on this hardware.

  9. W E says:

    Would your 8.0 firmware image work on other Cisco 506e device? I have a few unused 506e devices to work with and would love to test the 8.0 firmware on it.

  10. pillow says:

    To jj,
    Would you like to share your version 8.0 pixos?
    I have a 506 upgraded os to 7.0.1 refence to wiki, but this version does not support vpdn. The version 7.2 which support vpdn command is too large to in 8M flash.
    Thanks~

  11. pillow says:

    506E but not 506

  12. Dmitriy says:

    I wanna install patched 8.0 on my 506e. Anyone can share it for me ??? thx

  13. pillow says:

    I havn’t found the unpacking and packing tools, where should i go to look for such information? goole is not helpful enough for this.

    would jj like to give some guidance?

  14. james says:

    I bought a programmer and it should be here shortly. I intend on finding a way to reprogram the onboard flash/Eprom. My goal is to make it unrestricted.

  15. meister_sd says:

    I’ve dumped the bios and the other chip next to the bios (on left) and found the string. When I get more time, I’ll see about changing the string to 506e. I’d really like to dump a 506e and a 515e. Does anyone have a broken one to test this on?

  16. pillow says:

    @meister_sd
    Happy to see you here.
    I’d like to do the tests that you need to verfiy your supposition, or otherthings helpful to this hacking.

  17. Albert says:

    I’d love to hack and open up the 506e’s BIOS. I’d like to have the option of installing something like *BSD or Linux or any *nix on it. It’d make a great firewall.

    I am very use to pf/ipf syntax and prefer it to the pixOS actually.

  18. Jimbo says:

    WARNING: DO A SHOW VER AND SAVE A COPY OF YOUR ACTIVATION KEY BEFORE YOU MESS WITH YOUR PIX 506E!! (I didn’t, and accidentally zeroed it, and had to call TAC to get it. What a pain.)

    I replaced the 32M stick with a 256M PC133 stick. Then I upgraded to v7. Had to use the monitor to boot from tftp, format the flash, and copy the new code. Now it’s running 7.12 – largest OS that will fit in the 8M flash. Then I found an old Celeron 633 pga370. Works like a champ, although it calls it a “Pentium III”.

    Only problem is whenever it boots, it now says “Have to burn block 0″ and then it burns block 0. Since this is a flash chip there must be a limited number of burns. I feel like I’m shortening its life each time I turn it on.

  19. danny says:

    Hi, can anyone get hold of the cisco pix v8 os for me. I’ll pay! email me at: dannyuw2000@yahoo.co.uk

  20. mvalpreda says:

    Anyone found a place apart from eBay that has the “shorter” PC100 SYNCH RAM that is needed in the 506e? All I have is RAM that is too tall to fit in the device with the cover on.

  21. pillow says:

    Is there anyone who has got contacted with jj?
    Or could the owner of this website tell me the e-mail of jj?

  22. Master says:

    How can upgrade the 506E to 16MB Flash?

    Just replace the Flash from 8MB to 16MB? The 506E Bios can detect 16MB Flash?

  23. S says:

    Can anyone send me the latest firmware ?
    need for a 515
    sjw@techie.com
    Thanks

  24. steve says:

    Hi all;

    Does anyone have the “correct” URL @ Cisco for an upgrade to my 506(e)?

    For show ver, I get:

    PIX-506, 32 MB RAM, CPU 200 mhz
    Flash is 8 MB
    BIOS Flash is 32KB

    I’m on an older version, 6.2(1)

    I have a Cisco account, but can’t find a upgrade/download section for it. Please copy and paste the URL if you got it.

    Thanks, Steve

  25. Bryan says:

    Go to the Support, Download Software, Security, Firewall, PIX to download the software.

  26. gpumroy says:

    The PIX 506e is alot of fun to play with. Since Cisco came out with ASA, the PIX 506e has been getting very cheap on eBay. My main problems with PIX 506e are 1. Runs to hot because of poor thermal design of the cabinet 2. CPU is only 300mhz thus too slow and 3. Power supply is to expensive and plastic.
    I solved the cabinet cooling issue by drilling a matrix of 3/16″ holes above the cpu and extending over to the memory slots. Air is drawn in thru these holes by the fan, cooling the 440BX chip and first row of memory. The warm air exits out the rear of the cabinet. Cabinet top now is cool to the touch and eliminates thermal degradation of the cpu while passing heavy traffic.
    CPU improvement is somewhat straightforward, keeping in mind the 440BX is a 100mhz chipset. Choosing a cpu in the FSB speed of 100mhz makes for a predictable result. I choose 600/256/100 SL4CM that is available from eBay for about $7. The retention clip had to be recontoured to ensure heatsink would sit flatly on the CPU. Higher speed CPUs are available but the goal of reaching the same speed as the PIX 525 was accomplished with the 600mhz.
    Power supply was easy also. While repairing a PIX 515e, I discovered the motherboard is identical to the PIX 506e. Failover was connected and basically a connector that transitions to a pci bus is present but the rest is the same with BIOS differences. The power supply used is an ASTEC AA20270. This ASTEC model appears in the Cisco 2600 series routers as well as the PIX 515e. This ASTEC model is plentiful on eBay for around $5. Simply unplug the internal power cable harness from the motherboard in the PIX 506e and plug the ASTEC in. Great for lab use. An alternate configuration is to adapt the ASTEC wires to a cable from a bad Cisco ADP-33AB. Plug directly in the rear of the PIX-506e – DONE.
    Performance of the PIX-506e is greatly improved with these changes. My bench test is to create a 3DES tunnel to the PIX and and pass data thru (1.104GB). Before changes, a single tunnel passed 1.104GB of 3DES thru in about 13 min. After, the same data passed thru in about 6.5 min. A PIX 520 with 600mhz slot1 was also around 6 min.
    I plan to obtain a rack mount adapter from eBay to install the PIX 506e with ASTEC power supply. PIX 515e done another way!

  27. mvalpreda says:

    For those who want to upgrade the RAM, look for 2x MT4LSDT864AG-133B1. Those are Micron 64mb SDRAM modules and they work well. I have 1 of those plus the original 32mb in my 506e and this is what I get:

    #show mem
    Free memory: 42040760 bytes
    Used memory: 58622536 bytes
    ————- —————-
    Total memory: 100663296 bytes

    Looks like it will use much more than 32mb!

    To upgrade the processor, get a SL4CM as mentioned by gpumroy. I have a couple on the way and looking forward to faster 3DES/AES connections.

    Now can 7.x be shoehorned into this thing? :)

  28. gpumroy says:

    I found this article about installing IOS 7.0 in PIX 506e but have not tried it. Version 7.0 does not support PPTP which I want to still use in an emergency.

    http://www.netemu.cn/bbs/viewthread.php?tid=366

    The real issue is, since the pix 506e motherboard is essentially the same as a PIX 515e and it has 16mb of flash, why doesn’t the 506e? I came accross a little utility program that reformats the flash but have not used it on the 506e yet. I did use it to solve a boot problem in a 515e but the 515e has 16mb of flash already. If the 506e flash reformat yielded 16mb, then I’m assuming any OS could be installed, unless as was mentioned earlier, that IOS beyond 6.0 is locked out by code.
    Which brings up another possiblity, 3DES/AES unlimited. The activation code is tied to the serial number which is stored in an EPROM and not the flash. Could the EEPROM be reprogrammed with a Willem EPROM programmer, etc.? I know, all the chips on the motherboard are soldered in place, but, is that such a difficult task to unsolder the chip and replace with a socket such as PCs have? Since the whole PIX 500 series is past end of life for the manufacturer, could that be a problem?
    So much to do and so little time to do it!

  29. Integrator says:

    I found a article that someone has DIY his PIX 506E, upgraded the Flash memory from 8MB to 16MB.

    If the PIX 506e has 16MB flash, does it mean PIX 506e can run PIX OS 7.24 and 8.04?

    http://www.right.com.cn/forum/viewthread.php?tid=24823

  30. junkets says:

    So has anyone been able to get a hold of jj’s ios 8.x that has the patches for the 506e-515e upgrade? I never use the pdm anyway and would really like to be able to use one new feature of 7.2 or higher. Thanks.

  31. Ironman says:

    Lots of fun, but what a waste of resources.
    An old computer and Untangle gets you a lot more for a lot less effort in the Unified Threat Management Area…
    I guess if your a Cisco Pix hobbiest that is ok,,good to have a hobby.
    But if your looking for best bang for buck for Firewall and threat management..ease of configuration, flexibility, lack of licensing etc. Then look to open source firewalls.
    Good luck folks…just my $.02

  32. Stifferd says:

    Ummmm, Untangle??? I know this thread is very old, but i just gotta say….seriously?

    untangle has got to be the WORST open source firewall I have ever seen. Even with a core2quad and 4th of ram that thing barely kept up with web browsing lol

    It’s the most inefficient firewall I have ever seen. The only open source firewall comparable to a pix IMO is pfsense…

  33. Griffin Willard says:

    I need to know how do i get a 515E FO pix server changed to a 515E R or a UR license, I get a 51E PIX Firewall VPN server of ebay, but in real life its was a FO not a UR

  34. patrick says:

    So is the 515e actually the same motherboard or does it just use the same chipset? Could I buy a 515e and put the board in a 506e enclosure?

  35. Daeric says:

    I know this thread is super old, but did anyone find out exactly how JJ modified the 8.0 code to run on the 506e?

  36. Marianok says:

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 93,929 other followers