Hi Gary,
1. The router between the firewall and the ISP might need static routes changed.
2. The DNS server records with your domain name registrar probably will need to be changed, otherwise no one will be able to find you because the registrar will still be telling the root servers that your old DNS servers are authoritative (if they rely on IP address.)
3. If you control your authoritative DNS, drop the TTL very low, maybe fifteen minutes or so, before you make the switch and well in advance of your TTL expiration time. That way everyone will be hitting your DNS servers every fifteen minutes instead of relying on old cached information for the next two days. As soon as you make the switch and you're sure it is permanent, raise the TTL back to two days or whatever you have it set to. www.dnsreport.com is a good check of your DNS before and after the switch.
4. If you have central licensing (the license is on the management server and not the enforcement module), it should be a snap. Just check in UserCenter to make sure the license is available for an online move. If you have never changed its IP, it should be. You still will have to check every externally-accessible object to see what IP address it is using.
5. Obviously all DNS records, forward and reverse, will need to be checked to see if they need changes.
6. Backup all configuration files first in case you have to roll back.
7. If you're using SecuRemote or SecureClient, all of the sites will need to be recreated to reflect the new external IP address of the firewall.
8. I don't think the ARP caches on the various devices should be a problem, but it certainly wouldn't hurt to reboot each device if you can't get connectivity after you change the IP addresses. We hit this issue with our managed routers when we used to cut in a backup firewall box. We couldn't flush their ARP cache and we couldn't reboot them, so we had to live with fifteen or twenty minutes of no connectivity.
HTH,
Ray
From: "Brett, Gary" <[EMAIL PROTECTED]> Reply-To: Mailing list for discussion of Firewall-1 <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [FW-1] Changing external IP address worries Date: Wed, 28 Apr 2004 12:00:17 +0100
Hi There
I am currently running a 2 x Nokia IP350 VRRP HA with NG FP3 HF2. We are changing our ISP which unavoidably means that our IP range will change. Now , I have written a plan of action but am very worried about this migration. Does anybody know of any white papers/documents/links that guide you through external IP address migration (including things like MX record seemless transition, re-licencing, the order in which changes need to be made to IPSO/NG, things not to do etc)
any help would be greatly appreciated Gary This electronic message contains information from Halifax Cetelem Credit Ltd which may be privileged or confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone or email (to the numbers or address above) immediately.
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
_________________________________________________________________ Getting married? Find tips, tools and the latest trends at MSN Life Events. http://lifeevents.msn.com/category.aspx?cid=married
================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
