Thanks for the reply. I performed this last night without a hitch, just in case anyone else hits the same problem.

-Luke

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of chkp tech
Sent: Tuesday, October 24, 2006 11:49 AM
To: [email protected]
Subject: Re: [FW-1] Changing VLAN tags on firewall interfaces

I don't see anything wrong with this procedure, and while I thought about it, I wondered if you should push the policy to both members of the cluster or not. After discussing it with engineers around here, we don't think that pushing the policy to both members would be a problem.

Let us know if you run into any problems =)

Jason

On 10/24/06, Marty, Luke <[EMAIL PROTECTED]> wrote:
>
> Good morning,
>
> I have a bit of a unique problem this morning. I have a need to change
> the VLAN IDs of the inside and outside interfaces of a HA pair of
> firewalls. This needs to be done with zero downtime. Here's what I'm
> thinking of doing...
>
> 1) Login to the secondary(standby) firewall and change the
>    /etc/sysconfig/netconf.C and netconf.C.keep files to reflect the new
>    vlan IDs
>
> 2) Login to the SmartCenter, and edit the topology of the secondary
>    cluster member to reflect the new interface names. Then saving the
>    policy.
>
> 3) Rebooting the secondary firewall
>
> 4) Logging in to the secondary firewall and changing the management
>    interface to the new interface name.
>
> 5) Push policy on the pair
>
> 6) Making the switch changes to update the vlans
>
> 7) Running a cpstop on the primary firewall to force the secondary
>    to take over
>
> 8) Performing steps 1-5 on the other firewall
>
> I'm running NGX R60hfa03, HA new mode on Splat.
>
> Is this going to work? Has anyone done the same thing and have a better
> set of suggestions? Your insight is greatly appreciated.
>
> Regards,
>
> -Luke
>
> Luke Marty
> Network Security Engineering
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
