SFR IP address change

keithcclark71 · ‎05-01-2017

I changed IP address on an SFR to an available IP address within a remote subnets IP range. The ASA is being shipped to this location where the SFR will communicate to the FMC accorss Lan to Lan Ipsec tunnel. The SFR in question is still here at HQ and since it and the Firewall it is associated with is on the same IP range as remote subnet the FMC cannot communicate unless I were to change its gateway which I cannot. The question is will the FMC once it detects this SFR trying to connect with it under a different IP address update the device list with that IP address or will i have to remove it and reregister???

Marvin Rhoads · ‎05-01-2017

You will have to remove and re-register it. (and re-assign and deploy policies to it)

keithcclark71 · ‎05-02-2017

II changed the SFR Ip and shipped it out to the remote site. It will have connectivity back to the FMC here in HQ.

1)Does the SFR need connectivity with the FMC in order to unregister

2)Do I unregister first from the SFR?

(I actually did try to do this prior to changing IP but it did not let me.)

Marvin Rhoads · ‎05-02-2017

It does not require connectivity to unregister. Generally, you are required to first remove the configured FMC before adding a new FMC.

But since you are still using the same FMC, you should not need to do anything on the sensor. As long as it has tcp/8305 biderectional connectivity with the configured FMC it should attempt to re-establish communications when it comes back up.

If the FMC is configured to register the device with the new IP address, the registration should succeed.