Throwing this out here to see if I may be creating any issues.
I have a machine that is set up in my firewall with an address object. Let's say it's Machine1 and its IP is 10.0.0.50. This machine will be decommissioned soon and I have set up another machine that will replace it. Let's say its object name is Machine2 and its address is 10.0.0.60.
There are rules set up where the object name Machine1 is used. Rather than modifying the existing rules by adding the object Machine2 to them and removing Machine1, can I simply swap the IP addresses associated with the object names?
This way the rules don't have to be modified and after the commit, they will be applied to the replacement machine.
Does anyone see any issues in doing this?
I would appreciate any suggestions regarding this.
Yes, you can change the IP of the object to the new device and you're all set. However, like you mentioned, there comes the future logistical knowledge of knowing that machine1 is actually machine2. If the machine name is registered within DNS, you can use FQDN instead; that way it will automatically update IPs on the back end.
Hope that made sense.
I appreciate the comment. Remembering that I switched the two shouldn't be a problem. What I will likely do is remove the address object (Machine2) once the older machine is decommissioned. I will also likely rename the address object that is being used in the rules to better describe the machine that is being used.
The machines are registered in DNS, but at this time, I am not using the FQDN in the firewall. I may consider this later.
Always live life like you'll be dead tomorrow; this is true in both living life to its fullest, but also not leaving technical debt that isn't documented. If you have a machine called addc-01 and addc-02 is the replacement, but you for some reason switch the IP addresses, you're reliant on you being there tomorrow with the knowledge of what was done. I'd really recommend doing this the "correct" way instead of the "quick" way and making it clean from the start instead of intending to go back and clean it up later.
Thanks @BPry for the comment.
I spent a little more time yesterday looking at my configuration and found a way to accomplish what I wanted without making a switch of IP addresses. My concern at the time was having a way to revert my changes (without reloading a configuration snapshot) if things didn't work out. I was able to make the changes I needed. I appreciate your comments and opinion.