09-29-2015 02:01 AM
Hi,
We need to replace old C160 appliances with C170. (the replacement procedure is quite clear)
But what do we have to do on the SMA? Does the SMA detect the new appliances or do we have to reconfigure it completely with the new C170?
Thank you
Solved! Go to Solution.
10-04-2015 10:23 PM
Hey,
Keep in mind if you're doing a direct replacement in the sense that the new C170 will take over the entire configuration of the old. the SMA will break with connection to the IP even if it's the same because the hostkey will have changed.
So ensure that if you are doing a direct replacement.
On the SMA log into the CLI (command line)
CLI > logconfig > hostkeyconfig > remove the old ESA's hostkey
Then
'scan' -> the new ESA hostkeys (it'll be the same IP if direct replacement)
Once done press enter 2x
Commit
Regards,
Matthew
09-29-2015 10:19 AM
No, the SMA doesn't have any clue...
So, as you stand up each C170, add it to the SMA as a new security appliance.
10-04-2015 10:23 PM
Hey,
Keep in mind if you're doing a direct replacement in the sense that the new C170 will take over the entire configuration of the old. the SMA will break with connection to the IP even if it's the same because the hostkey will have changed.
So ensure that if you are doing a direct replacement.
On the SMA log into the CLI (command line)
CLI > logconfig > hostkeyconfig > remove the old ESA's hostkey
Then
'scan' -> the new ESA hostkeys (it'll be the same IP if direct replacement)
Once done press enter 2x
Commit
Regards,
Matthew
11-02-2015 01:29 AM
Hi,
Works perfectly. Just have to reboot the new C170 appliance becasue the SMA was not able to SSH when "scan".
Thanks
11-02-2015 02:56 AM
Hey Romain,
Glad to hear.
Regards,
matthew
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: