09-02-2023 06:53 AM - edited 09-02-2023 10:08 AM
I have a pair of ENCS-based Cisco firewalls which I want to replace with ESXi-based Cisco firewalls. I'd thought I could break the HA on the ENCS firewalls, build the HA with an ENCS firewall and an ESXi firewall to set up the ESXi firewall, then break and recreate the HA again on the second ESXi firewall. However, that won't work as you can't create the HA cluster with the mixed ENCS and ESXi firewalls.
I'm planning to configure one of the new ESXi firewalls with the settings from the current HA cluster, build an HA cluster with the two ESXi firewalls, then disable the network interfaces on the current HA cluster and enable them on the new HA cluster to switch over to them. That way, if there are any problems with the new firewalls, I can fall back to the original HA cluster.
Is there a better way to do this?
Thanks
Edit - I've gone ahead and built the new firewalls alongside the existing ones then configured and moved everything over, fingers crossed everything seems to be working
09-05-2023 02:46 AM
09-05-2023 03:09 AM
I would prefer to have a new HA cluster and move the backup config and restore on the new cluster offline.
Compare and verify the config - in the maintenance window (cut over to new) - by taking the OLD FW offline.
09-06-2023 04:32 AM
This is what I did, if I'm understanding you correctly. I built the new HA cluster and kept it disconnected until I was happy with the setup, then disabled the original HA cluster and connected the new one. I don't think it's possible to back up the ENCS firewall and transfer the config to the ESXi firewall, as the FMC doesn't support backing up the ENCS firewalls, so I think I'd have to configure the new ones manually anyway.
All seems to be running fine so far, fingers crossed it stays that way