For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kris_52344's avatar
kris_52344
Icon for Nimbostratus rankNimbostratus
Mar 20, 2009

how to change firepass box interface IP`s in cluster mode

Hello,

 

 

I am having two SSl-VPN(1200) box in cluster mode under producion.

 

& have plan to change the Interface IP`s,VIP & default gateway.

 

after reading theory i decide to do this as follows:

 

1] remove cluster

 

2] delete existing inteface IP then add new IP

 

[can i able to access the firepass console

 

after clicking Update?]

 

3] change default Gateway

 

4] change cluster & failover configuration.

 

5] Finalise changes & reboot.

 

 

or is there any other way to do this activity in less downtime?

 

 

Please Guide.

 

Thanks in advance.
BIG-IP Access Policy Manager (APM)
remote access
security

2 Replies

  • mal_57091's avatar
    mal_57091
    Icon for Nimbostratus rankNimbostratus
    Mar 23, 2009
    Hi There,

     

     

    Umm...you must been failover pair not cluster. FirePass 1200 does not support clustering (though FirePass 4100/4300 does). So assuming you mean failover pair what you have seems okay. The only thing to be very careful of is that you do not re-join the slave to the primary unit before all config changes are made otherwise you risk having the slave unit overwrite the master with old/incomplete config.

     

     

    Good luck!

     

     

    Cheers,

     

    Mal
  • kris_52344's avatar
    kris_52344
    Icon for Nimbostratus rankNimbostratus
    Apr 03, 2009
    Thanks Mal..

     

     

    I am having two SSl-VPN(1200) box in failover mode under producion.

     

    & have plan to change the Interface IP`s,VIP & default gateway.

     

    what is Best Practice for the same..

     

     

    can anybody help me out, as i m new in this vpn technology.