Solved: Replace ESA C170 with C170 in the SMA

REJR77 · ‎09-29-2015

Hi,

We need to replace old C160 appliances with C170. (the replacement procedure is quite clear)

But what do we have to do on the SMA? Does the SMA detect the new appliances or do we have to reconfigure it completely with the new C170?

Thank you

Mathew Huynh · ‎10-04-2015

Hey,

Keep in mind if you're doing a direct replacement in the sense that the new C170 will take over the entire configuration of the old. the SMA will break with connection to the IP even if it's the same because the hostkey will have changed.

So ensure that if you are doing a direct replacement.

On the SMA log into the CLI (command line)

CLI > logconfig > hostkeyconfig > remove the old ESA's hostkey

Then

'scan' -> the new ESA hostkeys (it'll be the same IP if direct replacement)

Once done press enter 2x

Commit

Regards,

Matthew

View solution in original post

Ken Stieers · ‎09-29-2015

No, the SMA doesn't have any clue...

So, as you stand up each C170, add it to the SMA as a new security appliance.

Mathew Huynh · ‎10-04-2015

Hey,

Keep in mind if you're doing a direct replacement in the sense that the new C170 will take over the entire configuration of the old. the SMA will break with connection to the IP even if it's the same because the hostkey will have changed.

So ensure that if you are doing a direct replacement.

On the SMA log into the CLI (command line)

CLI > logconfig > hostkeyconfig > remove the old ESA's hostkey

Then

'scan' -> the new ESA hostkeys (it'll be the same IP if direct replacement)

Once done press enter 2x

Commit

Regards,

Matthew

REJR77 · ‎11-02-2015

Hi,

Works perfectly. Just have to reboot the new C170 appliance becasue the SMA was not able to SSH when "scan".

Thanks

Mathew Huynh · ‎11-02-2015

Hey Romain,

Glad to hear.

Regards,

matthew