- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Need to Upgrade from 1 gig copper to 10 gig fiber
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Need to Upgrade from 1 gig copper to 10 gig fiber
Hello!
We need to upgrade an existing 5600 firewall cluster running R81 from 1 gig copper connections, to 10 gig fiber. A CPAC-4-10F-B module has been purchased for each firewall. My assumption is that we will need to do the following for each firewall...
Power Down the firewall.
Install the Module.
Power on Firewall and login via GAIA.
Remove Configuration for each Eth interface and configure the new 10 gig interface to be identical to the old corresponding Eth interface.
If the name, IP, etc. are identical on the newly configured 10 gig interface... are any other configuration changes required?
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay here was the scenario...
Customer wanted to upgrade 2 of their existing 1 gig copper interfaces to a new 10 gig module. We needed to migrate a DMZ and one of their ISP circuits from the 1 gig built in copper to the new 10 gig module. We did the DMZ first since it was lowest risk.. Easy peasy... logged into GAIA on primary and secondary firewalls... removed interface configuration and disabled copper interface... configured new 10 gig port with identical configuration and plugged in the new fiber. Did a get interfaces with topology in SmartConsole and done. No issues, everything worked flawlessly.
Next we did the internet interface. Followed the same procedure, but no internet. (Oh Crap). Ended up needing to set the interface to the new interface on the ISP failover configuration in SmartConsole. Whew! One more issue though... VPN wasn't functioning as expected. Checked out the logs and we had spoofing issues. Needed to go into the new interface and add the VPN subnet to the ignore for spoofing. Finally, everything was working as expected!
Lesson learned... a basic interface is just a reconfiguration in GAIA, move cables, get interfaces in Smartconsole, and done.
An external interface doing ISP failover and providing VPN services... requires a little extra configuration in the SmartConsole.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you please clarify a few things about your scenario:
1. Are you using the existing 1Gbps interfaces as Bonds (sk122032).
2. Are the existing 1Gbps ports on a NIC card being removed or the onboard/built-in ports?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1. Some of the interfaces will be moved to 10 gig SFPs, and some will be 1 gig and swapped for 10 gig during a cutover with the ISP.
2. The existing 1 gig connections are built in, and new connections will be moved to SFPs on a new module.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Since it's a cluster it may help to review sk57100 for removing / adding interfaces e.g. VLANs etc.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay here was the scenario...
Customer wanted to upgrade 2 of their existing 1 gig copper interfaces to a new 10 gig module. We needed to migrate a DMZ and one of their ISP circuits from the 1 gig built in copper to the new 10 gig module. We did the DMZ first since it was lowest risk.. Easy peasy... logged into GAIA on primary and secondary firewalls... removed interface configuration and disabled copper interface... configured new 10 gig port with identical configuration and plugged in the new fiber. Did a get interfaces with topology in SmartConsole and done. No issues, everything worked flawlessly.
Next we did the internet interface. Followed the same procedure, but no internet. (Oh Crap). Ended up needing to set the interface to the new interface on the ISP failover configuration in SmartConsole. Whew! One more issue though... VPN wasn't functioning as expected. Checked out the logs and we had spoofing issues. Needed to go into the new interface and add the VPN subnet to the ignore for spoofing. Finally, everything was working as expected!
Lesson learned... a basic interface is just a reconfiguration in GAIA, move cables, get interfaces in Smartconsole, and done.
An external interface doing ISP failover and providing VPN services... requires a little extra configuration in the SmartConsole.
