Need some assistance. I have 2 Ironport in a cluster running. I need to swap hardware one at a time. One device is already disconnected from the cluster. I downloaded the config and uploaded it to the new hardware, but I always get an error while uploading the config to the new hardware. Any assistance will be very appreciated.
FYI: the new hardware is running the same code as the old hardware being swapped out.
> I'm betting that there's a guid or key or something that the clustering uses...
Indeed there is, it's the appliance's serial number. You can see it in the config file, where machine-specific settings are in sections identified by each unit's serial number.
Ken's remedy is spot on: remove the old unit from the cluster, give the new one just enough of a config for it to use the network, and join it to the cluster. It will inherit all its other settings from the cluster. If there are any machine-specific settings beyond the normal stuff like host names and IP addresses, then you'll need to add them back manually. I've done this many times, both for replacing failed hardware (fortunately a rare occurrence), and for bringing new units online. Fortunately, all our settings beyond the must-be-local parts are defined at the cluster level.
It's worth pointing out that removing one node from a two-node cluster does not cause the cluster to cease to exist. It's perfectly reasonable for a cluster to have only one member.