Associate SmartServer to a firewall using non-facing interface



I have a few questions regarding an upcoming migration that I have to deal with.

The scenario is a bit tricky.


Currently, the design looks like this (simplified):

                                            VLAN 20

                                          interface 2

(SmartServer) --- VLAN 10 --- interface 1 (CP Gateway) interface 3 --- MPLS L2 --- (HQ)


Here is the point.


As a first step, I have to re-IP the SmartServer in the VLAN 20.

Is there anything that I have to be careful of when changing the SmartServer IP address? I've never done it before.


The second step will consist of moving the entire VLAN 20 (including the physical hardware) as it is to the HQ (several kilometers away).


What I would like to achieve in Step 1 is to associate the SmartServer to the firewall using its "interface 3" IP address, meaning using a non-facing interface.

This way, when I proceed to Step 2 and the SmartServer physically moves to (HQ), it will associate to the MPLS L2 link FW's IP address, which is what we want and what's the cleanest thing to do.

Is it possible?

I've done a small quick test and it doesn't seem to work.


I hope it's clear... I know that's a weird scenario. 😉


Thank you in advance.

The most relevant steps that will directly impact the gateway are:
1. Set the main object IP for your Security Management to the new IP (whatever interface it's tied to)
2. Push policy from the Security Management
Only after the above steps are done will the gateway know about/accept the new IP address from the Security Management.
So that the traffic routes in/out of the right interface, you may have to make additional OS-level routing changes.
