11-08-2018 06:51 AM
Hey guys,
I got a pair of PA-3020s (8.0.7) and 2 ae's with a lof of subinterfaces. Each subinterface does have a gateway, security zone and vlan tag.
Out of permonance issues, I want to create a third ae with two new physical interfaces.
Then, I want to move some subinterfaces to that new ae.
What would be the smartest way to do that? (Without loosing any security rules etc.)
Thank you.
11-08-2018 11:37 AM
Hello,
The good news is the security policies rely on zones so as long as the interfaces are in the same zones, you should be OK. I would then test, off hours, by removing one subinterface and then creating it on the new AE. You will also have to update your VirtualRouter with the routes on the subinterfaces. So take it slow and do one at a time off hours and you should be OK.
Regards,
11-09-2018 04:24 AM
Hi,
does the HA pair inherit that configuration change?
11-09-2018 04:42 PM
If you have enabled config sync in the HA configuration then it will automatically be applied to the second firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
