Installing config on a different model.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Installing config on a different model.

L2 Linker

Hi there.

 

I have a site with a 3020 (the only reason this site has a 3020 is when the device was bought, everyone thought it would be doing more than it is).

 

They are in a region that doesn't have 4-hour support, so they wanted a spare. The only thing the 3020 is doing is running a IPSEC tunnel to corp, and handing SIP traffic from 2 internal hosts to two external, but local hosts. Port 1 is configured untrust, and port 2 is configured trust, and that's pretty much it except for management configurations. Max bandwidth on the internet is 20Mbit.

 

Seemed silly to buy another 3020, so we bought a 220 to be the spare. My question is....

 

Can I just export the config out of Panorama for the 3020, and import it into the 220 without issue? I've done this for like-2-like devices, but the 3020 has more ports on it. If I recall the configuration doesn't show unconfigured ports, but I don't know what happens after the configuration is committed.

 

Thanks.

1 accepted solution

Accepted Solutions


@hfregoso wrote:

Panorama would be na easy way of doing it but the only thing that will not match are ithe interfaces. Make sure you make the proper adjustments to the exisiten zones, interfaces, and routes. After doing this all should be smooth. Try to use the same OS.


If you use the same interfaces you don't have to adjust anything in order to commit the configuration from panorama to the firewalls and if you haven't configured any "new" features the devices don't even need to have the same major versions installed - but in general, the recommended way is to install the same versions.

View solution in original post

3 REPLIES 3

L7 Applicator

Hi @cengasser

 

With panorama this can be done easily. Is the spare device running or powered off until it would be used?

As these 2 devices should have the same configuration, you can simply add id to the same devicegroup and template(/stack) as the 3020. So if it is only you always commit also to the spare 220 or in case of failure you could export the device state from panorama for the 220.

L1 Bithead

Panorama would be na easy way of doing it but the only thing that will not match are ithe interfaces. Make sure you make the proper adjustments to the exisiten zones, interfaces, and routes. After doing this all should be smooth. Try to use the same OS.


@hfregoso wrote:

Panorama would be na easy way of doing it but the only thing that will not match are ithe interfaces. Make sure you make the proper adjustments to the exisiten zones, interfaces, and routes. After doing this all should be smooth. Try to use the same OS.


If you use the same interfaces you don't have to adjust anything in order to commit the configuration from panorama to the firewalls and if you haven't configured any "new" features the devices don't even need to have the same major versions installed - but in general, the recommended way is to install the same versions.

  • 1 accepted solution
  • 3740 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!