Before you change the role of an NGFW Engine from one type to another, perform these high-level steps to create an engine element for the new role.
Note: You cannot use the same primary control IP address in multiple elements. You must either change the primary control IP address in the engine’s current interface configuration or delete the existing engine element before creating the new engine element.
For more details about the product and how to configure features, click Help or press F1.
Steps
-
Create the correct type of engine element for the new role and define the basic properties.
-
Configure the engine’s interfaces.
-
Configure the routing.
- Routes to directly connected networks are automatically added for all NGFW Engine roles.
- For Firewalls, add a default route and any routes through next-hop gateways to networks that are not directly connected to the Firewalls.
- You might need to define a default route for IPS engines and Layer 2 Firewalls if the
SMC components are not on a directly connected network.
-
Generate the initial configuration for the engine and save the configuration on a USB drive.
For more information, see the topic that explains management contact procedure for engines.