07-04-2019 02:36 PM
What is the easiest way to replace old hardware (5050) with new (5520) that are in an HA pair? Can I add 2 new firewalls to the HA group and fail over? Or do I have to replace the passive with the new one, make it active, then remove the other?
07-04-2019 07:33 PM
No. A platform upgrade will be a complete install/rip-and-replace. You can't add two different platforms into the same HA group, so what you are proposing simply won't work.
You'll want to migrate your configuration to the new 5250s and get those functional prior to the cutover date, and then when you've scheduled an outage you will actually perform the cutover to the new equipment.
07-05-2019 02:38 PM
Thanks @BPry, I was hoping PA had an F5-like capability to add old and new hardware in the same group and then activate the new ones.
07-08-2019 02:05 AM - edited 07-08-2019 02:06 AM
@raji_toor Strictly speaking, there is a similar capability, which in fact is more flexible than the F5 solution. If you have your firewalls fully managed by Panorama, then you can just add the new hardware to the same device groups and templates, and the configuration will be synced to the new appliances.
11-14-2019 06:02 AM
Dear All,
Can anyone please advise on any specific points to take care of for a hardware replacement of a pair of 5060 firewalls fully managed by Panorama, to be replaced with 5250s?
To me, a high-level plan looks like this:
1. Prepare the new firewalls by importing the device state with new mgmt IPs to avoid any duplicates in the network.
2. Test the failovers on the new pair.
3. Add the Panorama server IP to the new firewalls.
4. Add the serial numbers of the new firewalls to Panorama under managed devices, match the threat & antivirus versions, migrate the license?
5. Change the policy target to any in case any specific target group was selected.
6. Disconnect the secondary firewall to be replaced & power on the new 5560 unit.
7. Double check the priority on the firewalls to avoid any issues with taking over & make it the active.
8. Push the policy to the secondary firewall.
9. Create the device group.
Is there anything else that needs to be taken care of? Is anything related to the master key required?