[RayPesek]

The SmartCenter is already on R62 or R65, right? It must be on the same or a higher version of the firewalls.

Since the firewalls are on different versions of IPSO you can't use Nokia's backup and restore functions. Your best bet is to print off the System Configuration page from Voyager on the existing one and use it to manually configure the new one. Be certain to make the interfaces the same.

Once the new one is built up, print off its configuration and compare the two.

Build up a test SmartCenter on an old desktop using SPLAT. Use upgrade_export on the real SmartCenter to create a backup. Import it into the test SmartCenter with upgrade_import. Connect the test SmartCenter to the new firewall with a router or something to handle the different subnets (assuming the SmartCenter is on a different subnet than the internal interface of the firewall).

Establish SIC and do some test policy pushes. Once you're sure it's good, reset SIC on the firewall. It now has the current firewall policy and is ready to have SIC established with the real SmartCenter.

When you go to swap them out, remember you'll probably have a problem with ARP caching on the devices connected directly to the existing firewall. If you don't know how to flush their ARP caches, just reboot them. If you just let the ARP caches expire, you could have fifteen minutes or more of no traffic. Since the firewalls already have a policy that's very close to the current one, they should just start to work. Note: Certificate-based site-to-site VPNs may not start up until the SmartCenter comes online.

Establish SIC with the real firewall and check the gateway properties for FW-1 and OS versions.

Ray