Wednesday, December 9, 2020

Junos Space (Security Director) - Migrate / upgrade device

Hi all,

I'm planning a firewall replacement / upgrade. I'm upgrading an SRX1500 to an SRX4100. Since this device and its FW policies are managed through Junos Space, I'm looking for ways to make the upgrade as smooth as possible on the Junos Space side. I've tried a couple of different options:

Put the device in RMA state
Yes, this is a good way to swap a device when you're staying on the same platform. However, migrating to a newer platform with different interface configurations etc. (for instance ge-0/0/0 will map to xe-0/0/0) seems to fail: Space will remove the existing config on xe-0/0/0 and replace it with ge-0/0/0 (which doesn't exist).

Re-import the FW policies and create the device as new instead of replacing the old device
This kind of works, with the exception of the rules in "policies applied before 'device specific policies'". These policies will be imported under the "Device specific policies". With a rulebase of 600+ rules it's a pain in the ass to manually correct these rules in the GUI. I could script this but it's still a lot of work.

Configure the new FW with the old management IPs and adjust the config in Space
Not going to work; Space does some SSH key checking under the hood and sees a diff in the current config.

Did anyone else do a FW migration / upgrade with a platform change on Junos Space Security Director? Do you have any tips to make the upgrade smooth on the management side?


