| Home Prev |  Hardware Replacement Guide for NetWall Firewalls
|
Next |
|---|
This chapter looks at the case where a single standalone hardware unit is to be replaced with another non-identical unit that has fewer Ethernet interfaces than the original unit.
The replacement procedure is as follows:
Attach the cables to the new hardware unit in exactly the same way they were attached to the old except for the interfaces that no longer exist.
Apply power to the new unit so that cOS Core starts.
The new hardware unit will have the default IP address on its default management Ethernet interface. If required, change this to the address used by the old unit. This is described in:
As described in the Getting Started Guide for the hardware model, attach an external computer to the new unit's default management Ethernet interface over a network.
Using a web browser on the external computer, log on to the new unit via the cOS Core Web Interface. The default username and password is always admin and admin.
If there is a backup of the configuration from the old hardware available, the interfaces of the old hardware configuration can be mapped to the interfaces of the new hardware by using the Hardware Replacement Wizard. This is described in:
Appendix A, Wizard Interface Mapping
The converted backup file created by the wizard can then be uploaded to the new hardware by selecting the Web Interface menu option:
Maintenance > Backup
If interface mapping is to be done manually instead of using the wizard, the original backup should be uploaded to the new hardware. Before activating the configuration, follow the procedure described in Appendix B, Manually Mapping Interfaces.
If no configuration backup from the old hardware is available, the remaining steps should be skipped.
![[Important]](images/important.png) |
Important: The wizard leaves unmapped interface references |
|---|---|
|
If the wizard was used to map old to new interface names, it removes the interfaces that are extra and not mapped. However, it does not remove any references to these interfaces in the new configuration's objects and rules. The references to the removed interfaces will cause errors when trying to save and activate the configuration and they must be removed or changed manually before continuing. |
Finally, activate and commit the configuration by selecting the Web Interface menu option:
Configuration > Save
The MAC addresses of the Ethernet interfaces on the new hardware will be different from the old unit so the cOS Core license from the old hardware will no longer be valid. A new license from the Clavister must be installed. This can be done in one of the following ways:
Automatically through the Web Interface by going to Status > Maintenance > License.
Automatically through the CLI with the command:
Device:/> license -activate -request -username=myname -password=pswd
Manually by first downloading a new license from the Clavister website then uploading it either through the Web Interface or with SCP. This will require the information written on the label attached to the hardware. With some older Clavister hardware models, this is the only option.
Note that for hardware released from the 4th quarter of 2021 (for example, the 100, 500 and 6000 Series) licenses will be a subscription based Security as a Service (SECaaS) licenses. Installation of a SECaaS license requires that cOS Core is configured with both Internet access and a public DNS server.
If No Backup is Available
If no backup is available, the default cOS Core configuration must be manually configured until it matches the configuration of the old hardware unit. This must be done object by object, and rule by rule.This is time consuming and emphasizes the importance of regular configuration backups. It is also recommended to take at least one full system backup once a Clavister NetWall Firewall becomes live. This makes it easier to restore the original cOS Core version on new hardware that may have a different default version.
Configuration references to interfaces that are not reassigned must be manually changed to refer to interfaces that have been reassigned.
