Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
mdjmcnally
Advisor

VSX Managmet IP Address Change to a new Interface as well

I have an existing VSX Cluster on R77,30 managed from MDS on R77.30

VS0 and Management Server are on the same Subnet so no connectivity issues.

All working correctly.

 

However due to changing of ISP and the fact that we use a Public IP Range from our ISP for the MDS then when migrating to R80.20 MDS then will be moving to a new IP Range.   Thinking it will be easier to move the Management IP to the new Network in advance of the Management Migration rather then trying to do both the Migration and Management IP address change in one go,

I am happy on adding an Interface to the New MDS Management Network into the VS0 which will have IP addresses in the New MDS Network.

I am then placing routes to the New Interface IP in the new MDS Management Network on my existing MDS Server so that it routes to the MDS Management Network IP addresses of the VSX Cluster via the individual Interface IP addresses in the existing MDS Network.

ie to get to New_MDS_Network_Member_1 IP go via Old_MDS_Network_Member_1 IP as next hop and New_MDS_Network_Member_2 IP go via Old_MDS_Network_Member_2 IP as next hop

So this will give the existing MDS connectivity to the New MDS Network Range via each specific member.

I understand that need to use the vsx_util change_mgmt_subnet command to change the IP address of the Cluster Members

Also understand about turning off vsx on the individual boxes when reconfigure the members.

 

My question is that will the vsx_util change_mgmt_subnet actually remove the existing MDS Network Configuration from the Cluster or will it leave that alone and is then down to me using the CLISH on the members to simply set the Management Network as the New Management Interface.  I will already have the Interfaces configured on the VSX prior to changing the Management IP over.  Will still need the existing Management Interfaces IP in place to be able to connect to the new MDS Management Interfaces on the Cluster.

I believe from the documentation and https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... that should leave the details in place and that is going to the individual boxes in question to configure the IP etc on the boxes via Console Cable or LOM Card.

Is the first time changing the Management IP on a VSX System so want to make sure that have understood correctly.

Thank you for your assistance

Michael

 

 

 

0 Kudos
3 Replies
Maarten_Sjouw
Champion
Champion

Changing Management on the MDS and changing the management IP of the VSX gateways are 2 things that indeed should be dealt with as 2 different changes.

As per sk92425 change your network in Management (vsx_util) and then on the physical boxes, by indeed disable vsx set the interface new IP and enable vsx.

When you're looking at a migration to a newer version for management, this is the time to do so.

Depending on the number of Domains it could be useful to migrate the domains 1 by 1 to the new MDS.

The latter will give you all freedom to change the IP's in the process, it is a bit more work more it will give you a clean new environment.

There are some caveats though: try to make sure to keep the names of domains and CMA's exactly the same.

In VSX there is still some changes to be made for the IP changes that need to be reflected in some specific fields using guidbedit.

Don't forget to re-issue all licenses for the new IP's

Regards, Maarten
0 Kudos
Maarten_Sjouw
Champion
Champion

Also for changing the actual management interface use the command vsx_util change_interfaces with apply to management only.
Regards, Maarten
0 Kudos
mdjmcnally
Advisor

Many thanks for the reply.

Am comfortable with the MDS Management Migration as we have done several already, including migrating VSX Clusters, and done the VSX upgrade R77.10 to R77.30.

What I hadn't done before was change the Management Interface on a VSX Cluster so much appreciate confirming that in the correct area with that.

Michael

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events