06-13-2018 08:06 AM
Hi there.
I have a site with a 3020 (the only reason this site has a 3020 is when the device was bought, everyone thought it would be doing more than it is).
They are in a region that doesn't have 4-hour support, so they wanted a spare. The only thing the 3020 is doing is running a IPSEC tunnel to corp, and handing SIP traffic from 2 internal hosts to two external, but local hosts. Port 1 is configured untrust, and port 2 is configured trust, and that's pretty much it except for management configurations. Max bandwidth on the internet is 20Mbit.
Seemed silly to buy another 3020, so we bought a 220 to be the spare. My question is....
Can I just export the config out of Panorama for the 3020, and import it into the 220 without issue? I've done this for like-2-like devices, but the 3020 has more ports on it. If I recall the configuration doesn't show unconfigured ports, but I don't know what happens after the configuration is committed.
Thanks.
06-14-2018 04:30 AM
@hfregoso wrote:Panorama would be na easy way of doing it but the only thing that will not match are ithe interfaces. Make sure you make the proper adjustments to the exisiten zones, interfaces, and routes. After doing this all should be smooth. Try to use the same OS.
If you use the same interfaces you don't have to adjust anything in order to commit the configuration from panorama to the firewalls and if you haven't configured any "new" features the devices don't even need to have the same major versions installed - but in general, the recommended way is to install the same versions.
06-13-2018 08:45 AM
Hi @cengasser
With panorama this can be done easily. Is the spare device running or powered off until it would be used?
As these 2 devices should have the same configuration, you can simply add id to the same devicegroup and template(/stack) as the 3020. So if it is only you always commit also to the spare 220 or in case of failure you could export the device state from panorama for the 220.
06-13-2018 06:13 PM
Panorama would be na easy way of doing it but the only thing that will not match are ithe interfaces. Make sure you make the proper adjustments to the exisiten zones, interfaces, and routes. After doing this all should be smooth. Try to use the same OS.
06-14-2018 04:30 AM
@hfregoso wrote:Panorama would be na easy way of doing it but the only thing that will not match are ithe interfaces. Make sure you make the proper adjustments to the exisiten zones, interfaces, and routes. After doing this all should be smooth. Try to use the same OS.
If you use the same interfaces you don't have to adjust anything in order to commit the configuration from panorama to the firewalls and if you haven't configured any "new" features the devices don't even need to have the same major versions installed - but in general, the recommended way is to install the same versions.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
