Procedure:
- Remove the replacement device from the box and complete the Out of Box Experience (OBE) instructions using the old IPS address for the new one.
- Select Devices > All Devices, choose the device to be replaced, and then select Edit > Details > Replace Device.
- After the Devices - Replace Device dialog displays, enter the information for the new device and click OK.
A progress dialog will appear if all the supplied information is correct, the models are the same, and the TOS versions are the same. When the replacement process is complete, a dialog directs you to redistribute the appropriate versions of the IPS profiles.
Device replacement guidelines
The following table specifies device replacement options using the Device Replacement feature:
| Current Device Device | It can be replaced with | ||||||||||||||||||||||||||
| 9200TXE | 9200TXE | ||||||||||||||||||||||||||
| 8600TXE | 8600TXE.or 9200TXE | ||||||||||||||||||||||||||
| 8400TX | 8200TX, 8400TX, 8600TXE.or 9200TXE | ||||||||||||||||||||||||||
| 8200TX | 8200TX, 8400TX, 8600TXE.or 9200TXE | ||||||||||||||||||||||||||
| 5500TX | 5500TX, 8200TX, 8400TX, 8600TXE.or 9200TXE | ||||||||||||||||||||||||||
| 1100TX | vTPS, 1100TX, or 5500TX | ||||||||||||||||||||||||||
| 2200T | 2200T, 5500TX, 8200TX, 8400TX, 8600TXE.or 9200TXE | ||||||||||||||||||||||||||
| 440T | 440T, 2200T, vTPS, 1100TX, or 5500TX | ||||||||||||||||||||||||||
| vTPS | vTPS, 440T, or 1100TX | ||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
General clarifications
- X-Family devices are not supported as either device.
- Core Controller is not supported as either device.
- The old model cannot be running a newer TOS than the new model.
- Segments - Data loss occurs if the new device has fewer segments than the old device. For example, when a device with four segments is replaced by a device with two segments, events and settings related to the additional segments, if configured on the original device, are lost.
- New model has more segments - Because the models are not the same and the new device has extra segments, the new segments are not configured. Extra segments are placed in the Default segment group.
- New model has fewer segments - Because the models are not the same and the new device has fewer segments, the SMS cannot copy all segment/port setting to the new device. Therefore, the configuration of the common segments is copied and the remaining segments are dropped or removed from the SMS.
- DDoS - Possible data loss occurs if the new device does not support DDoS and the old device is configured for DDoS. If the new model is not the same as the old model:
- And the old model supports DDoS and the new model does not, then DDoS functionality is removed.
- Virtual segments are removed.
- And the old model has more physical segments than the new model, information is lost.
- Profile distribution - Auto redistribution of profiles is not supported.
- Device users - A replacement device does not inherit device users. All device users must be added back manually.
- FIPS settings - You cannot replace FIPS Settings on a device.
- Remote authentication - RADIUS authentication settings and servers remain only if the replacement device supports RADIUS authentication. SMS authentication settings are not inherited when a TPS device replaces an IPS device.
- New model cannot use same IP address as old model - If the old model is still online, you cannot use the same IP address and must choose a different one for the new model. If the TOS versions are not the same, you must upgrade to the newer version. After you upgrade your IPS device, you can give the old device and new IP Address and place it in another area of the network.
- Port/segment info from the previous model is mapped to NX modules beginning with the module in the first NX slot.
- If the first NX slot does not contain a module, data from the previous model is lost.
- Data from the previous model is lost for any ports/segments that exceed the number of NX module ports/segments.
- Port/segment info from the previous model is mapped to NX modules beginning with the module in the first NX slot.
- If either of the NX models has a different slot configuration, data may be lost.
- Data is not mapped to or from models with a blank slot and is lost.
When you replace a device with another device that has a different port configuration, the SMS may attempt to push the port configuration for the old device to the new device. If this happens, unmanage the device, use the CLI or LSM to disable auto-negotiate for each port, and then remanage the device. You will need to redistribute any profile that was distributed to the device after you remanage it.
| Old Device | New Device | Device Replace Behavior |
|---|---|---|
| IPS | IPS | No Change |
| IPS | IPS (NX-Platform) |
All of the device configurations except for port configuration will be copied to the new device. The NX-Platform device I/O modules are very different from previous IPS devices. |
| IPS (NX-Platform) |
IPS (NX-Platform) |
All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied. |
| IPS (NX-Platform) |
TPS (TX Series) |
All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied. |
| TPS (TX Series) |
TPS (TX Series) |
All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied. |