I have an upcoming change that will involve replacing a pair of ClusterXL firewalls with new hardware. My organization has only been using ClusterXL for a year, and this will be the first time we are replacing a cluster that is extremely high-impact to applications/end users. The new cluster will have different physical address IPs but will take over the existing Virtual IPs. I am wondering what the recommended steps are for transitioning from one cluster to another with the least amount of impact.
For the clusters I have replaced since moving from VRRP to ClusterXL, I have stood up the new cluster side by side with the existing one, with different physical IPs in the same subnets. I added them to SmartConsole with those IPs and left the VIPs blank on the new cluster until the time to cut over to them. The new pair would already have the same policy before the change is done, but would not have any VIP information in them.
For the actual cutover my steps have been:
1) Update new cluster object to add both VIPs and save
2) Begin policy push to new cluster
3) While policy is pushing, stop services on backup member of old cluster, then stop services on primary member
4) As soon as policy shows it is pushed, verify that the VIPs show up in the new cluster
5) Refresh ARP manually if necessary on connecting L3 switches to avoid issues with ARP cache
Can I do anything to improve upon this plan? Have any suggestions for minimizing the impact?
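
The ARP check behind step 5, as an added example that is not part of the original post: it reads a neighbour table captured on a host in one of the connected subnets and reports, for each VIP, whether it still resolves to an old-cluster member or already to a new one. Assumptions: the table is in Linux `ip neigh show` format, the cluster answers ARP for a VIP with a member's physical MAC (no VMAC mode), and every IP and MAC below is constructed.

```python
# Constructed sample of `ip neigh show` output taken right after cutover.
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:0b:01 REACHABLE
198.51.100.1 dev eth1 lladdr 02:00:00:00:0A:01 STALE
203.0.113.1 dev eth2 FAILED
"""

# Hypothetical physical MACs of the old and new cluster members.
OLD_MACS = ["02:00:00:00:0a:01", "02:00:00:00:0a:02"]
NEW_MACS = ["02:00:00:00:0b:01", "02:00:00:00:0b:02"]


def parse_neigh(text):
    """Return {ip: (mac or None, state)} from `ip neigh show` style lines."""
    table = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[1] != "dev":
            continue  # not a neighbour entry
        mac = None
        if "lladdr" in tokens[:-1]:
            mac = tokens[tokens.index("lladdr") + 1].lower()
        table[tokens[0]] = (mac, tokens[-1])
    return table


def check_vips(neigh_text, vips, old_macs, new_macs):
    """Classify each VIP by which cluster's MAC the neighbour entry holds."""
    old = {m.lower() for m in old_macs}
    new = {m.lower() for m in new_macs}
    table = parse_neigh(neigh_text)
    result = {}
    for vip in vips:
        mac, _state = table.get(vip, (None, "MISSING"))
        if mac is None:
            result[vip] = "unresolved"    # no entry, FAILED or INCOMPLETE
        elif mac in new:
            result[vip] = "new-cluster"   # cutover visible from this host
        elif mac in old:
            result[vip] = "old-cluster"   # cached entry needs a refresh
        else:
            result[vip] = "unknown-mac"   # neither cluster: investigate
    return result


if __name__ == "__main__":
    vips = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]
    for vip, status in check_vips(SAMPLE_NEIGH, vips, OLD_MACS, NEW_MACS).items():
        print(f"{vip}: {status}")
```

Any VIP reported as `old-cluster` after the policy push completes is a candidate for the manual ARP refresh in step 5.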