Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Silver

Test migration temporarily

Hi,

Main site A  --- (VPN) --- Site B 

Main site A have a management server that controls an appliance firewall at site B. We will soon be connecting site B directly with fiber connection to site A so the traffic will be coming from inside site A. We will have to merge site B into the existing networks at site A and some changes are therefore needed. On the management server, site B gateway is defined as a gateway object with the corresponding networks. In case something goes wrong I want to have an easy fallback plan if possible. Policy rules can be disabled/enabled easily but what is the best way to do with site B gateway and all the networks defined there without deleting the gateway object? 

4 Replies
Highlighted
Platinum

Re: Test migration temporarily

just as a thoughs from my side

would the multiply interfaces on each gateway not sort this out completely making your fully "redundant" to some extent?

Jerry
0 Kudos
Highlighted
Silver

Re: Test migration temporarily

Hi Jerry,

Not sure if I understood you right since we are going to remove firewall appliance from site B. 

0 Kudos
Highlighted
Platinum

Re: Test migration temporarily

what I meant Eric is that you can prep the reduncancy on both sites and when it comes to to the point that you're going to decommission one, traffic flow remains as it was before, it is just an extra comfort of having multiply interfaces.

sorry for the frustration, just wanted to say that there is multiply ways of making sure you're ok with the tests, just a matter of effort and delivery skills Smiley Happy 

Jerry
Highlighted
Pearl

Re: Test migration temporarily

If you are looking for a quick fallback, perhaps exempting Site "A" networks from Antispoofing on the interface they will get routed via in site "B" is your solution.

0 Kudos