Move a Configuration to a New Firebox
To move a configuration from one Firebox to another Firebox, you must use Policy Manager. In Policy Manager, you edit the configuration from the existing Firebox, update the feature key with the feature key for the new Firebox, and then save the updated configuration to the new Firebox.
When you import a new feature key to your existing configuration file, Policy Manager automatically updates the existing configuration file so that it operates correctly with the new Firebox serial number and model specified in the feature key.
For information about how to configure a new Firebox that replaces a member of a FireCluster, see Configure a Replacement (RMA) FireCluster Member
When you move a configuration file from one Firebox to another Firebox, you must:
- Remove feature key for the old Firebox from the configuration file.
- Add the feature key for the new Firebox to the configuration file.
- If the new feature key is for a different model with a different number of interfaces, review and update the network interface configuration.
- Save the configuration to the new Firebox.
To update your configuration file, from Policy Manager:
- If you have not already done so, get a feature key for your new Firebox.
- Open your existing Firebox configuration in Policy Manager.
- Select Setup > Feature Keys.
The Firebox Feature Key dialog box appears.
- To remove the current feature key, click Remove.
- To add the new feature key, click Import.
The Import Firebox Feature Key dialog box appears.
- Open the feature key file for the new Firebox and paste the contents of the feature key in the Import Firebox Feature Key dialog box.
- Click OK.
The model information and features from the new feature key appear in the Firebox Feature Key dialog box.
- Click OK.
If your new Firebox model has a different number of interfaces than the old device model, Policy Manager shows a message that advises you to verify the configuration of the network interfaces.
- Select Setup > System to verify that the device model is correct. If the device model is not correct, select the correct device model and model number from the Firebox Model drop-down lists.
- Select Setup > Authentication > Web Server Certificate.
- Make sure that Default certificate signed by the Firebox is selected.
- If you have a third-party certificate, the option Third party certificate is selected. You must select Default certificate signed by the Firebox instead.
In the subsequent section, you import the third-party certificate on the new Firebox.
- Select Network > Configuration and review the network interface configuration.
To save the updated configuration to the new Firebox:
- Connect your computer to a trusted or optional network interface on the new Firebox.
- From Policy Manager, select File > Save > To Firebox.
- In the IP Address or Name text box, type the IP address of the new Firebox.
- In the User Name and Passphrase text boxes, type the credentials of a user with Device Administrator privileges on the new device.
If the new Firebox has a default configuration, the User Name is admin and the Passphrase is readwrite.
- From the Authentication Server drop-down list, select the correct authentication server for the user account you specified.
If the new Firebox has a default configuration, the Authentication Server is Firebox-DB.
- If you use an Active Directory server for authentication, in the Domain text box, type the domain name of your Active Directory server.
- Click OK.
- In the File Name text box, type the file name to save the configuration file.
- Click Save.
If the IP address you specified in Step 3 does is not the same as any of the IP addresses in the configuration file, a warning message appears.
- If a warning message appears, to confirm that you want to save the file, click Yes.
- If you have a third-party certificate, you must import the certificate now. For more information about the import and installation process, see Import and Install a Third-Party Web Server Certificate.
After you save a configuration file that changes the IP address of the Firebox interface that your computer is connected to, before you can connect to the Firebox, you must make sure your computer has an IP address on the same network as the updated interface IP address.
If your new Firebox is an M4600 or M5600, or any other Firebox that has removable interface modules, the number of configurable interfaces that appear in Policy Manager depends on the interface modules installed on the Firebox. After you save the configuration to the new Firebox, you must open the configuration file from the new Firebox to update the interface list.
To open the configuration from the Firebox and see the list of installed interfaces, from Policy Manager:
- Select File > Open > Firebox.
- In the User Name and Passphrase text boxes, type the credentials for a Device Monitor (read-only) user account.
- If you use an Active Directory server for authentication, the Domain text box appears. Type the domain name of your Active Directory server.
- Click OK.
The configuration file appears in Policy Manager.
- Select Network > Configuration.
The Network Configuration dialog box appears with the Interfaces tab selected.