Hi all. We have a FW cluster with ISP redundancy configured. Let's say the current IPs are:
- Cluster VIP - 10.10.10.2
- FW1 - 10.10.10.3
- FW2 - 10.10.10.4
- ISP GW - 10.10.10.1
We have been asked to change the default route to point to another ISP GW address (let's say 20.20.20.1). The new IP range is already configured but it's not yet part of the ISP redundancy. It's been a while since my last (and only) time doing this so I want to make sure I'm on the right track.
This is what I think needs to be done having looked back on my notes:
- 1) Failover to the current backup ISP
- 2) Change the (primary ISP) object IPs on the policy from 10.10.10.0 to the new 20.20.20.0 IP range
- 3) Change the cluster VIP on the General Properties page
- 4) Verify NAT policy object IP changes and make ARP changes on each FW
- 5) Add new IP range to the ISP redundancy settings
- 6) Install Policy
- 7) Failover to new Primary IP range
Is there anything I've missed out? Thanks very much