Switching out same model with copied configuration
-
Hi, I have hopefully an easy question. Can I take a working firewall, copy the configuration from it onto the same model with the same OS and switch them out and have it work? I haven't been able to successfully do this and am wondering if I'm doing something wrong-configuration change I need to manually make before it will work? When I did it, it took my whole network down. I put the original firewall back in and it took a reboot of everything to get it working again and a 15 minute wait. I did try rebooting everything first with the spare firewall in, but alas, no luck. I would appreciate any insight. Thank you.
-
@drosos Your NIC drivers are the only real concern in this case.
-
@rcoleman-netgate It's a netgate device so would that still be the case?
-
@drosos If it's is a 2100 to a 2100 then there shouldn't be an issue.
If it's an 1100/2100/3100/7100 to one that is not one of those models then you need a conversion done -- the switch in the hardware will need to be adapted and converted. Open a ticket for that at https://go.netgate.com
Also two 7100s could be different if there's an add-on NIC on one and not the other, for example.
-
R rcoleman-netgate moved this topic from Off-Topic & Non-Support Discussion on
-
@rcoleman-netgate Thank you! It is a Netgate XG-71001U. I didn't order with an extra NIC so I just have to open a ticket for the conversion?
-
@drosos Yes, go ahead and open a ticket with the specifics of your request, including the two system SNs and any add-on details you have.
-
@rcoleman-netgate Thanks so much! It will feel so good to finally get this working!
-
It's me again. I opened a TAC with netgate and apparently the firewalls are exactly the same and needed no conversion. The last time I tried to switch out the two firewalls, a laptop that had been on still worked, but our wifi, which gets DHCP stopped working. I then tested with another laptop and DHCP didn't work, but if I manually put an IP in then it worked. Any idea what the issue is??
I appreciate any ideas!
Thanks -
I would guess the MAC address of the DHCP server changed because of the new hardware and Windows is now seeing it as a new network that needs to be allowed.
Everything else would remain the same if the hardware is identical. Everything is in the config file unless you made any custom config directly somehow.
Steve
-
Hi @stephenw10,
Thank you for replying. We have a MS DHCP Server, so the firewall isn't handing out DHCP addresses so the MAC stays the same. We do have the servers on a different VLAN than the network where I am testing...don't know if this matters? I honestly can't think of why it wouldn't just work. -
Yeah, I would expect it to 'just work' but you'd have to do some trouble shooting to find out why it isn't. Check for blocked traffic. Check for passed traffic in the counters.
Do you have an expansion card in these 7100s?
-
@stephenw10 Thank you. I will do this early in the morning or over the weekend.
