ESA replacement from C190 to C195

REJR77 · ‎05-20-2022

Hey,

I need to change an "old" C190 to an C195.

The C190 is part of a mixed cluster with a C100v and are managed by a SMA

Regarding the steps, I was thinking of:

- Move the licence from C190 to C195

==> Can I use the license migration process like for RMA or do I have to ask cisco Licensing to transfer the licence (since it is not a RMA)?

- Install the New C195 with a temporary IP

- Install the feature key and activate Security Features needed

- Upgrade to the correct AsyncOS version (used in the cluster)

- Remove/Delete C190 from the cluster and shut down the appliance)

- Assign the C195 with the correct IP / name / route / DNS / Listener name

- Suspend listener

- Add the C195 to the SMA

==> first do I have to remove the old C190 before?

==> activate the PVO/ Spam Quarantine / Reporting for the C195

- Add the new C195 to the cluster

- Checking other config parts (certs, etc..)

Does this make sense?

Is there something more simple?

Any other ideas?

Thanks for help

Ken Stieers · ‎05-20-2022

1. Get the 195 licensed, make sure all of the various rulesets are updated to the same versions as your cluster.
2. Suspend traffic on the 190, let it clear its queues.
3. Eject the 190 from the cluster
4. Save off the config of the 190. Shut it down
5. Restore the 190 config to the 195. (mostly this is about the IPs, but there are a couple of things that are different between the vms and hardware)
6. Join the 195 to the cluster.
7. Register it with the cloud stuff you may be using: CRES, AMP, ThreatGrid, SecureX

Keep in mind there are a few things that are different between the vm and hardware configs:
Update servers are different (in the cli "updateconfig", then "dynamichost")
How you register the box for CRES is different.
I feel like there might be one other thing, but its not coming to me at the moment...