IPS Device Replacement Limitations
The device replacement feature has the following limitations:
N/NX-Platform Devices:
- N/NX Platform devices can replace any device, but data loss may occur.
- Only N/NX Platform devices can replace other N/NX Platform devices.
- RADIUS authentication settings and servers remain only if the replacement devices support RADIUS authentication (N-Platform or NX-Platform devices running TOS v3.7.0 or later).
- A replacement device does not inherit device users. All device users must be added back manually.
- You cannot replace FIPS Settings on the device.
Profile Distribution:
- Automatic redistribution of profiles is NOT supported.
Port configuration considerations
When you replace a device with another device that has a different port configuration, the SMS may attempt to push the port configuration for the old device to the new device. If this happens, unmanage the device, use the CLI or LSM to disable auto-negotiate for each port, and then remanage the device. You will need to redistribute any profile that was distributed to the device after you remanage it.
IPS Device Replacement Considerations
If you are replacing a device with another device of the same model and both devices have the same TOS version, the one-to-one replacement is straightforward. The following replacement options have specific issues to take into consideration:
Segments
Data loss occurs if the new device has fewer segments than the old device. For example, when a device with four segments is replaced by a device with two segments, events and settings related to the additional segments, if configured on the original device, are lost.
DDoS
Data loss may occur if the new device does not support DDoS and the old device is configured for DDoS.
Different Models
New model cannot use the same IP address as the old model: If the old model is still online, you cannot use the same IP address and must choose a different one for the new model. If the TOS versions are not the same, you must upgrade to the newer version. After you upgrade your IPS device, you can give the old device a new IP address and place it in another area of the network.
New model has more segments: Because the models are not the same and the new device has extra segments, the new segments are not configured. Extra segments are placed in the Default segment group.
New model has fewer segments: Because the models are not the same and the new device has fewer segments, the SMS cannot copy all segment/port settings to the new device. Therefore, the configuration of the common segments is copied and the remaining segments are dropped or removed from the SMS.
How To: Replace a Device
- Remove the new replacement IPS from the box and complete the Out of Box Experience (OBE) instructions using the old IPS address for the new one.
- If the old model and new model are not the same and/or the TOS versions are different, refer to the "IPS Device Replacement Considerations" section above.
- Log in to the SMS from a client.
- On the SMS toolbar, navigate to the Devices->All Devices tab screen.
- On the All Devices screen, select the device to be replaced and do one of the following:
  - Right-click and select Edit -> Replace Device.
  - On the top menu bar, select Edit -> Details -> Replace Device.
- After the Devices - Replace Device dialog is displayed, enter the information for the new IPS device and click OK.
- If all of the supplied information is correct, the models are the same and the TOS versions are the same, a progress dialog appears. If the models or TOS versions are not the same, refer to the "IPS Device Replacement Considerations" section of the SMS User Guide.
- When the replacement process is complete, a dialog appears and directs you to redistribute the appropriate versions of the IPS profiles.
Reference: SMS User Guide