Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2159
Views
0
Helpful
3
Replies

Replace Faulty IronPort ESA in a Cluster

paultribe
Level 1
Level 1

‎08-11-2014 04:33 AM

I have a cluster of 2 IronPort ESA appliances and one of these is faulty and will not boot. I am awaiting a replacement from Cisco.

I cannot find an exact guide that explains how to re-instate the new appliance to cluster and therefore am making an assumption that the easiest way to do this is as follows:-

1) Physically connect the new device.

2) Login with console and ensure the new device has centralised management feature and all other keys.

3) Configure the management interface with the original machine level IP address from the old configuration of the faulty device.

4) Use Clusterconfig command to join new device to cluster.

The only thing I am concerned about is licensing and serial numbers. I seem to remember that the primary cluster device will check the serial number at some point and therefore if its a new device then it will not join the cluster. If this is the case then I assume we would have to remove the orignal device from cluster and add the new one as a brand new one. This would mean all other machine level configuration would be lost such as IP addresses of Data interfaces and DNS names etc.

Can anyone clarify please. Also can anyone point me to which configuration is required for machine level only.

Regards

Paul Tribe

Labels:
0 Helpful
3 Replies 3

Robert Sherwin
Cisco Employee
Cisco Employee

‎08-11-2014 09:24 AM

So - to help out - yes... it would be pretty much...

1) Once you get the RMA appliance, rack and cable the appliance, and bring it online with the quickstart guide.  We'll call this ESA3.

2) Once ESA3 is online - you'll need to make sure that you get the RMA on the same matching AsyncOS version as ESA1.  (*This may mean you'll need to upgrade ESA1 to get a compairible revision running...)  Also, just go ahead and make the IP and hostname the same as you had for ESA2... if not done @ quickstart.

3) Once the version is matching - just transfer over the license/feature keys from the old ESA2 to your new ESA3 (RMA unit):

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118000-technote-esa-00.html

4) Once licnesing is completed - just join to cluster.  (*If you are running 8.5.6 --- clustering is included in the release --- just run clusterconfig on the CLI to assure operation.)  From ESA1, running clusterconfig and removemachine - choosing ESA2.  From ESA3, clusterconfig and join cluster:

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118174-technote-esa-00.html

I hope this helps!

-Robert

 

(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

Cheers,
Robert Sherwin
0 Helpful

paultribe
Level 1
Level 1
In response to Robert Sherwin

‎08-12-2014 12:50 AM

Is there anyway an IronPort ESA can be downgraded ?

0 Helpful

Robert Sherwin
Cisco Employee
Cisco Employee

‎08-12-2014 04:03 AM

Downgrade - only in the case of if you upgrade the appliance --- then you can revert to a previous revision of OS on the appliance.

If you want to "downgrade" the RMA unit recieved - no.  You will have to upgrade to a matching revision for both appliances only, especially to get them back into cluster.

-Robert

Cheers,
Robert Sherwin
0 Helpful
Customers Also Viewed These Support Documents