PDA

View Full Version : downtime estimation



petercinvest
2015-11-16, 23:16
currently we have four ports used in 4200 firewall, three ports are used for internet eth1, service eth2 and DMZ eth3, now we buy another 4200 firewall for redundancy, instead of buying additional module. we would like to change exsiting three ports,

combine eth2 and eth3 into one eth2 by using different VLAN, DMZ will be eth2-vlan 20, service will be eth2-vlan 123, how to minimize downtime, or any other better solution?

laf_c
2015-11-17, 04:51
If you are familiar with CP I think 1h should be enough if you prepare this in advance.
I usually jot down in notepad or excel sheet each step, including cabling. Then review the page and reorder until I finish with an optimized process.

One curiosity: if you add another module on 4200 FW how can you achieve redundancy? You meant interface redundancy?

petercinvest
2015-11-17, 22:05
I already have four interfaces used up, in order to connect to a second 4200, we plan to buy additional module to link up heartbeat interface or combine two ethernet into one using vlan type interface, so which solution has minimal downtime?

laf_c
2015-11-18, 05:25
I already have four interfaces used up, in order to connect to a second 4200, we plan to buy additional module to link up heartbeat interface or combine two ethernet into one using vlan type interface, so which solution has minimal downtime?

It might be just me, but I can't see how adding new ports on that unit will avoid an outage when you bind two physical interfaces into one and start using vlans/subinterfaces.

petercinvest
2015-11-24, 03:16
so are you saying for two gateway to form HA, there always has down time?

laf_c
2015-11-25, 04:48
so are you saying for two gateway to form HA, there always has down time?

Not always, bust most of the time. So when you deployed your first FW if you thought of HA and created an HA with one member only then adding later another member implies no downtime. Otherwise you will just have to plan this carefully and limit the downtime as much as possible.