Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Andrej_Zimsek
Explorer

Changing management IP - changing appliance SIC

HI

I would like to get yur ideas about the procedure for changing IP of management and reconnecting appliances to to it as smooth as possible.

I have procedure for changing IP address of management server (R77.30) - (I have made clone and changed IP according to the sk) and I have tested it (works fine). I also tested switching one appliance to new management IP (while the rest of appliances were still connected to old managemnt server) and everything works as expected.

My question is how to approach with changing management on remote appliances since when I try to connecto to new management (establish SIC) I get Outgoing Policy to the appliance and that policy disconnect me fro mhte appliance. It is not problem if you are on site, but for doing migration for remote sites where nobody skilled is on site is a problem.

What I am researching now is:

 1. Disconnecting appliance from central management, creating local policy for the appliance (14xx series) or EDGE and enabling remote access, establish SIC with new management

 2. Possibility of changinf Outgoing policy on the appliance to allow remote access to appliance

Which approach would be better? Are there any other possibilities for achieving migration from one management server ot another?

Many thanks for ideas, thoughts

       Andrej

0 Kudos
4 Replies
Alejandro_Mont1
Collaborator

There is sk86521 which details resetting SIC without restarting the firewall processes thus stopping the initial policy from being loaded. I have used the procedure on standard appliances however never attempted on a 1400 or edge device. The document shows it is relevant for Gaia embedded however I would test in your lab before making any attempt without being on site.

0 Kudos
Andrej_Zimsek
Explorer

Can you please send me instructions described in sk86521 directly since I can not access it via Knowledge Base - "This Solution is not allowed for your currect access level".

0 Kudos
Maarten_Sjouw
Champion
Champion

As you are dealing with Embedded devices, this is a little bit of a different story. First of all, in the device itself go to the device/Administrator access and add your management IP to the allowed list, also allow the Internet access. Now in dashboard set the global property to allow SSH and Web connections to Small Office Appliances on the Firewall page. Push the Policy!!

This way you can always connect to he appliance, then reset the SIC in Dashboard, go to the GW and reset the connection to the Management and then start the wizard to reconnect to the new IP.

Regards, Maarten
Maarten_Sjouw
Champion
Champion

To add a bit on the normal Gaia systems, make sure to issue the command "set management interface ethX" where ethX is the interface facing the internet (where you will be connecting from).

This will make sure you are allowed to connect SSH to the gateway through that interface.

Regards, Maarten

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events