https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-how-to-replace-a-fw-in-an-a-p-cluster/ta-p/533176 <DIV class="lia-message-template-content-zone"> <P><SPAN>This Nominated Discussion Article is based on the post "</SPAN><FONT color="#FF6600"><STRONG><A href="https://live.paloaltonetworks.com/t5/general-topics/adding-a-firewall-back-into-a-ap-cluster-that-has-outdated/m-p/533131" target="_blank" rel="noopener">Adding a firewall back into a AP cluster that has outdated network and device settings</A></STRONG></FONT><SPAN>" by&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/163507">@AlanDeBoer</a>&nbsp;</SPAN><SPAN>&nbsp; and responded to by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15603">@Raido_Rattameister</a></SPAN><SPAN>. Read on to see the solution!</SPAN></P> <P>&nbsp;</P> <BLOCKQUOTE> <P>Hi All,</P> <P>&nbsp;</P> <P>I'm curious if anyone can provide an article or just some basic steps of adding a firewall back into a AP cluster that has "outdated" network and device settings.</P> <P>&nbsp;</P> <P>Firewall-02 was moved to a new location and has a new IP scheme for the network and device settings.</P> <P>Firewall-01 will be physically moved and needs to rejoin the cluster, but it does have outdated IP settings.</P> <P>&nbsp;</P> <P>I'm assuming the first step is to power up 01 without any copper/fiber connected and console into 01 and update the device management IP first.</P> </BLOCKQUOTE> <P>Solution:</P> <P>&nbsp;</P> <P>Step 1 - Take config backup from both firewalls (Device &gt; Setup &gt; Operations).</P> <P>Step 2 - Make sure that "Device Priority" of&nbsp;<SPAN>Firewall-02 is lower than&nbsp;Firewall-01 to make sure&nbsp;Firewall-02 stays active firewall.</SPAN></P> <P><SPAN>Step 3 - Cabling (at minimum HA1 cable).</SPAN></P> <P><SPAN>Step 4 - Click "Sync to peer" in Firewall-02 (Dashboard &gt; High Availability widget).</SPAN></P> <P>&nbsp;</P> <P><SPAN>If you click "Sync to peer" on&nbsp;Firewall-01 you will push old nic scheme from&nbsp;Firewall-01 to&nbsp;Firewall-02 and your network will go down!</SPAN></P> <P>&nbsp;</P> <P><SPAN>In addition, mgmt IP change as you pointed out.</SPAN></P> </DIV> Fri, 03 Mar 2023 21:04:07 GMT JayGolf 2023-03-03T21:04:07Z https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-how-to-replace-a-fw-in-an-a-p-cluster/ta-p/533176 <DIV class="lia-message-template-content-zone"> <P><SPAN>This Nominated Discussion Article is based on the post "</SPAN><FONT color="#FF6600"><STRONG><A href="https://live.paloaltonetworks.com/t5/general-topics/adding-a-firewall-back-into-a-ap-cluster-that-has-outdated/m-p/533131" target="_blank" rel="noopener">Adding a firewall back into a AP cluster that has outdated network and device settings</A></STRONG></FONT><SPAN>" by&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/163507">@AlanDeBoer</a>&nbsp;</SPAN><SPAN>&nbsp; and responded to by <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/15603">@Raido_Rattameister</a></SPAN><SPAN>. Read on to see the solution!</SPAN></P> <P>&nbsp;</P> <BLOCKQUOTE> <P>Hi All,</P> <P>&nbsp;</P> <P>I'm curious if anyone can provide an article or just some basic steps of adding a firewall back into a AP cluster that has "outdated" network and device settings.</P> <P>&nbsp;</P> <P>Firewall-02 was moved to a new location and has a new IP scheme for the network and device settings.</P> <P>Firewall-01 will be physically moved and needs to rejoin the cluster, but it does have outdated IP settings.</P> <P>&nbsp;</P> <P>I'm assuming the first step is to power up 01 without any copper/fiber connected and console into 01 and update the device management IP first.</P> </BLOCKQUOTE> <P>Solution:</P> <P>&nbsp;</P> <P>Step 1 - Take config backup from both firewalls (Device &gt; Setup &gt; Operations).</P> <P>Step 2 - Make sure that "Device Priority" of&nbsp;<SPAN>Firewall-02 is lower than&nbsp;Firewall-01 to make sure&nbsp;Firewall-02 stays active firewall.</SPAN></P> <P><SPAN>Step 3 - Cabling (at minimum HA1 cable).</SPAN></P> <P><SPAN>Step 4 - Click "Sync to peer" in Firewall-02 (Dashboard &gt; High Availability widget).</SPAN></P> <P>&nbsp;</P> <P><SPAN>If you click "Sync to peer" on&nbsp;Firewall-01 you will push old nic scheme from&nbsp;Firewall-01 to&nbsp;Firewall-02 and your network will go down!</SPAN></P> <P>&nbsp;</P> <P><SPAN>In addition, mgmt IP change as you pointed out.</SPAN></P> </DIV> Fri, 03 Mar 2023 21:04:07 GMT https://live.paloaltonetworks.com/t5/general-articles/nominated-discussion-how-to-replace-a-fw-in-an-a-p-cluster/ta-p/533176 JayGolf 2023-03-03T21:04:07Z