10-06-2021 08:32 AM
I have a question about upgrading a firewall to a new model. I've done it in the past but always seem to forget the order.
I have a firewall that is managed by Panorama, with some local policies also. I have downloaded the device state from the existing firewall. I have also added the serial number of the new firewall to Panorama, but I have not configured the blank firewall with the Panorama IP address yet.
Do I have to connect the blank firewall to Panorama first, wait for it to show connected in Panorama, push to the new firewall and then restore the device state to the new firewall? I feel like the order of operations may be wrong here.
10-06-2021 08:50 AM
You would pull the device state for the old firewall and then replace the device on Panorama and commit the change. On the firewall you are setting up you would import the device state that you grabbed and commit that configuration. Once that's done you just need to sync the firewall and Panorama.
10-06-2021 09:01 AM
Thanks @BPry, so the below is accurate? Note: Old device will remain online until cutover of new device
1) export device state of existing firewall
2) add Panorama IP address on new firewall, commit
3) add new firewall serial to Panorama, add new device to proper device group/template, commit to Panorama
4) import device state on new firewall, commit
5) push from Panorama to new device
10-06-2021 09:08 AM
No, you can remove step 2 from your list entirely. You don't need to attach the device to Panorama before replacing the old device SN with the new device SN and loading the device state on the new firewall.
10-06-2021 09:21 AM - edited 10-06-2021 09:28 AM
Thanks @BPry, but if I replace the device serial, then the existing firewall will no longer be managed by Panorama. The plan is always to pre-configure the new firewalls and then cut over on a different day. I typically would replace the serial number only on a faulty device.
Guess I'm missing something here.