The PIX firewall licensing is unique compared to some of Cisco's other products. PIX licensing usually doesn't require the installation of new software, unlike licensing for Cisco routers. The PIX uses activation keys to enable extra features such as adding more RAM, failover, extra interface cards, and so on. Activation keys are acquired by sending Cisco your serial number and the feature you want enabled (oh, and don't forget the cash, too!). Cisco then sends you a unique activation key computed from both the hardware serial number and the required new feature. Because the activation key is unique to each feature, you must get a new activation key if you replace your flash.
Displaying activation key information is straightforward. By using the show version command, you can display information such as the software version, hardware platform, enabled licensed features, serial number, and running activation key. Listing 3.1 displays the show version command and its output.
Listing 3.1 The show version Command
Pixfirewall# show version Cisco PIX Firewall Version 6.2(2) Cisco PIX Device Manager Version 2.1(1) Compiled on Fri 07-Jun-02 17:49 by morlee pixfirewall up 16 days 21 hours Hardware: PIX-501, 16 MB RAM, CPU Am5x86 133 MHz Flash E28F640J3 @ 0x3000000, 8MB BIOS Flash E28F640J3 @ 0xfffd8000, 128KB 0: ethernet0: address is 000c.3085.5640, irq 9 1: ethernet1: address is 000c.3085.5641, irq 10 Licensed Features: Failover: Disabled VPN-DES: Enabled VPN-3DES: Disabled Maximum Interfaces: 2 Cut-through Proxy: Enabled Guards: Enabled URL-filtering: Enabled Inside Hosts: 10 Throughput: Limited IKE peers: 5 Serial Number: 807082785 (0x301b1b21) Running Activation Key: 0x2d284af1 0xd032aa26 0x38b7db1f 0x70cfa8ee Configuration last modified by enable_15 at 09:57:56.047 UTC Sun Mar 30 2003
The show activation-key command shows information about the activation key. Listing 3.2 displays the output of this command.
Listing 3.2 The show activation-key Command
pixfirewall# show activation-key Serial Number: 807082785 (0x301b1b21) Running Activation Key: 0x2d284af1 0xd032aa26 0x38b7db1f 0x70cfa8ee Licensed Features: Failover: Disabled VPN-DES: Enabled VPN-3DES: Disabled Maximum Interfaces: 2 Cut-through Proxy: Enabled Guards: Enabled URL-filtering: Enabled Inside Hosts: 10 Throughput: Limited IKE peers: 5
Updating the activation keys on the latest software release is a simple process. After you have received your new activation key from Cisco, you can use the activation-key command, like so:
Here's another example of the activation-key command in use:
Pixfirewall(config)# activation-key 2d284af1 d032aa26 38b7db1f 70cfa8ee