Re: Test migration temporarily

ED · ‎2019-02-13

Hi,

Main site A --- (VPN) --- Site B

Main site A have a management server that controls an appliance firewall at site B. We will soon be connecting site B directly with fiber connection to site A so the traffic will be coming from inside site A. We will have to merge site B into the existing networks at site A and some changes are therefore needed. On the management server, site B gateway is defined as a gateway object with the corresponding networks. In case something goes wrong I want to have an easy fallback plan if possible. Policy rules can be disabled/enabled easily but what is the best way to do with site B gateway and all the networks defined there without deleting the gateway object?

Jerry · ‎2019-02-13

just as a thoughs from my side

would the multiply interfaces on each gateway not sort this out completely making your fully "redundant" to some extent?

Jerry

ED · ‎2019-02-13

Hi Jerry,

Not sure if I understood you right since we are going to remove firewall appliance from site B.

Jerry · ‎2019-02-15

what I meant Eric is that you can prep the reduncancy on both sites and when it comes to to the point that you're going to decommission one, traffic flow remains as it was before, it is just an extra comfort of having multiply interfaces.

sorry for the frustration, just wanted to say that there is multiply ways of making sure you're ok with the tests, just a matter of effort and delivery skills

Jerry

Vladimir · ‎2019-02-13

If you are looking for a quick fallback, perhaps exempting Site "A" networks from Antispoofing on the interface they will get routed via in site "B" is your solution.

Are you a member of CheckMates?

Test migration temporarily