Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Change to Multiple Mode- FWSM

I have a failover pair in single mode. What would be the best process to move to multiple mode and keep my failover as intact as possible. Any thoughts on the best process to move to multi mode?

Thanks in advance!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Change to Multiple Mode- FWSM

Looks like nowbody likes to answer your question.

I suppose you have a Inter Chassis Failover ?

http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/failover.html#wp1039005

Note: It is not possible without a short out of service to change from single to multi context mode.

There is a partial guide on multi mode setup:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/context.html#wp1051132

Procedure:

1. Save/backup your configurations in a text file !

2.) Remove original standby Switch (FWSM) from the network. The standby Switch/FWSM should not see any more the primary one.

3.) configure multi mode on the standby unit and reload the FWSM.

4.) Configure a new firewall context and copy paste your old config. Reconfigure the system context and failover settings and create the admin context if needed.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/context.html#wp1096339

5.) Now you need to switch the Switches.

Remove the primary switch from the network and connect the new configured standby one into the network.

6.) configure multi mode on the primary unit and reload the FWSM.

4.) Configure the old primary FWSM with the basic Failover settings.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/failover.html

5.) Connect primary firewall on the network.

The old stanby FWSM will now synchronise automaticly the config of the contexts should be identical.

sincerely

Patrick

2 REPLIES

Re: Change to Multiple Mode- FWSM

Looks like nowbody likes to answer your question.

I suppose you have a Inter Chassis Failover ?

http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/failover.html#wp1039005

Note: It is not possible without a short out of service to change from single to multi context mode.

There is a partial guide on multi mode setup:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/context.html#wp1051132

Procedure:

1. Save/backup your configurations in a text file !

2.) Remove original standby Switch (FWSM) from the network. The standby Switch/FWSM should not see any more the primary one.

3.) configure multi mode on the standby unit and reload the FWSM.

4.) Configure a new firewall context and copy paste your old config. Reconfigure the system context and failover settings and create the admin context if needed.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/context.html#wp1096339

5.) Now you need to switch the Switches.

Remove the primary switch from the network and connect the new configured standby one into the network.

6.) configure multi mode on the primary unit and reload the FWSM.

4.) Configure the old primary FWSM with the basic Failover settings.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm23/configuration/guide/failover.html

5.) Connect primary firewall on the network.

The old stanby FWSM will now synchronise automaticly the config of the contexts should be identical.

sincerely

Patrick

Community Member

Re: Change to Multiple Mode- FWSM

Thanks Partick! This will do!

433
Views
0
Helpful
2
Replies
CreatePlease to create content