Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Martijn
Advisor
Advisor

Replacing PTC hardware

Hi all,

Customer has a Private Threat Cloud appliance in te network on R81.10 and Smart-1 3050 hardware.

The Smart-1 3050 is end-of-support by the end of this year, so the customer got a new Private Threat Cloud on Smart-1 6000 hardware.

We would like to replace the hardware with minimal effort, so I have configured the new hardware with the same settings like hostname and IP as the current one.

Looking at sk149692 I can get the certificate from the current Smart-1 3050 appliance:

  1. /web/conf/server.crt
  2. /web/conf/server.key

And import it into the new Smart-1 6000 appliance after I installed the PTC. Using the ptc_cli config command.

Is that all I need? Do I need to run anything on the management server?

By importing the certificate and keeping the same hostname and IP, the management should not see anything is different. Also the gateways have the correct entries in their hostfile and the PTC certificate is stored on the gateways.

Is my assumption correct, or am I missing something? 

Regards,
Martijn


0 Kudos
4 Replies
PhoneBoy
Admin
Admin

If PTC uses SIC then this will probably need to be re-established.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

You have to use Management Dashboard to select new HW model for PTC and renew the SIC.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Martijn
Advisor
Advisor

Hi,

From R80.20 PTC, there is no object for the PTC appliance in SmartConsole. And I never established a SIC (with a password) between PTC and appliances or management.

The only thing you do on a PTC appliance is installing R81.10 management and install the PTC software.

On the management server you use the PTC management add-on script to configure gateways to use the PTC instead of the public update servers. The management add-on script shows a current certificate from the PTC. Because I import the current certificate, this should not be a problem.The only thing the management add-on script does is configuring the hostfile and installing the PTC certificate on the gateways.

So the steps sound very simple and straight forward. Just want to make sure I do not miss something here.

In worst case scenario, I need to re-configure all gateways to use the 'new' PTC and that is not something I am looking forward to.

Martijn




0 Kudos
G_W_Albrecht
Legend Legend
Legend

I never installed a Management Blade on my TX1000 and had it managed as a PTC by my SMS. You do one policy install at least once on it...

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events