Hi
Ben.
I am
sure I am missing a number of things, but these are a couple that come to
mind:
-depending on the configuration, change the IP of the
router sitting outside the firewall to the new network
-change appropriate routes on the router if your
configuration warrants it (also update things like egress ACLs,
etc.)
-change the firewall IP
-change and apply the new firewall/SR
license
-inform users in advance of new firewall IP for SR if
appropriate (also tell them to update their topologies if you don't have it
setup to do it automatically)
-inform partners and others who site-to-site VPN into
you of new firewall IP if appropriate
-change host address assignment on firewall's host
file
-if
management is separate, change host address assignment of firewall in mgmt's
host file -change routes on firewall where needed -update firewall object
IP
-update firewall object interfaces
list
-update and insure your anti-spoofing rules are
applied
-update other appropriate objects (networks, encryption
domains, servers, NAT rules, etc.)
-re-do
putkeys with management and affected firewalls if
appropriate
-re-push all polices to all firewalls controlled by
that management console (I usually do all of them for a comfort
level)
-also
make sure the firewalls can properly fetch policy properly
-update any DNS records if needed (possible
reverse/in-addr.arpa lookups for necessary IPs, NAT IPs,
etc.)
-flush
all ARP cache's/FDBs, etc on the routers, firewalls,
switches
I then
usually cold reboot the firewall if the installation allows it to make sure it
all comes up as it should.... Hey, I am weird....
Let me
know if other things come to mind.
Thanks.
Jarrett
hi all
i shall be moving our firewalls over to a
differnet network ,
and i have had the licenses re-generated for the
external ip address , now i would like to know what i have to change in
firewall-1 ver 4.1 to get it to accept the changes of differnet ip
addresses
|