I have a clusterXL of two 5200 FWs, each one R80.10. FW1 is connected to SW1 and FW2 is connected to SW2. FW1 is active and FW2 standby. SW1 and SW2 are connected back to back with a trunk link, cluster is working good, diagram below.
We need to replace SW1 and SW2 by new SWs with same configuration. This is my plan to replace the switches without downtime:
1.Power of FW2 and then power off SW2.
3.Power on new SW2 then power on FW2.
4.Verify that cluster is healthy.
5.Make FW2 active and FW1 standby.
6.Power off FW1 and then power off SW1.
8.Power on new SW1 then power on FW1.
9.Verify that cluster is healthy.
10.Make FW1 active and FW2 standby.
11.End of maintenance.
Q. Should I power off the Firewalls as above? or Should I keep them up and let them resync after each SW is replaced? What is better according your experience and best practices?