PDA

View Full Version : Moving to another UTM-1 Appliance



c5thunder
2009-08-22, 09:17
I have a UTM-1 450 appliance that i upgraded from NGX R65 HFA40 to R70 and ran into alot of issues (missing users, full system partitions). I finally got it to work but dont feel comfortable with it being my production fwall and i'd like to rebuild it. I have an identical UTM-1 450 sitting around for testing that i would like to use as the primary fwall.

Problem is, the fwall is also my management station and the ICA. Is there a way to migrate all of that to the new appliance? My primary concern is to not disrupt our SecureClient users with having to reconfigure their VPN client.

Any assistance is greatly appreciated. FYI my plan is once i migrate to the other appliance, upgrade to R70.1, rebuild the malfunctioning appliance to R70.1 and cluster them.

chillyjim
2009-08-22, 11:59
upgrade_export/upgrade_import will allow you to do this.

Take a look at the upgrade guide and it has all the instructions on how to migrate from one system to another.

c5thunder
2009-08-23, 02:09
I've tried that and it wouldnt migrate the ICA properly and maxed out the disk space on the new appliance.

I can recreate everything manually except the ICA, so if i could just migrate the ICA then i'd be fine.

Thorpuse
2009-08-23, 05:03
For a 450, you need to use the WebUI to do the upgrade, do not try and run it via the CLI!

Also, note the "Safe-Upgrade" issue - set the safe upgrade time to 60 minutes.

I'd also suggest a backup/restore for UTM-1 rather than upgrade export/import, particularly if they are both UTM-1 devices. There's a good reason for that related to licensing - I won't spoil the conclusion, but it's a better way to go... :)