You can change the control IP address of an NGFW Engine to a new address that belongs to the same network as the old address.
The new control IP addresses of IPS engines and Layer 2 Firewalls must always belong to the same network as the existing control IP addresses. If management connectivity is no longer needed, change the control IP address in the SMC and reinitialize the NGFW Engine through the command line using a new one-time password.
For more details about the product and how to configure features, click Help or press F1.
Steps
- If you have an IP-address-bound license for the NGFW Engine, request a new Management Server POL code bound license at https://stonesoftlicenses.forcepoint.com.
  This change is required, because IP-address-bound licenses are no longer supported.
- Install and bind the new license to the NGFW Engine.
- In the Engine Editor, create an interface for the new IP address and set the address as the backup control IP address.
- Install the policy on the NGFW Engine.
  From this point on, you can start using the new address in the network.
- In the Engine Editor, set the old and new control IP addresses as the backup and primary control IP addresses, respectively.
  Note: If your NGFW Engine cannot use the old and new control IP addresses simultaneously, remove the old control IP address from the Interfaces pane in the Engine Editor. Also remove the corresponding network from the Routing pane in the Engine Editor.
- Click Save and Refresh.
- Remove the old control IP address from the Interfaces pane and the Routing pane in the Engine Editor.
- Click Save and Refresh again.
Note: If the connection with the Management Server is lost while you try to change IP addressing, run the NGFW Configuration Wizard (sg-reconfigure) on the NGFW Engine command line. This action returns the NGFW Engine to the initial configuration state and re-establishes initial contact between the NGFW Engine and the Management Server.