Procedure

1. Remove the replacement device from the box and complete the Out of Box Experience (OBE) instructions using the old IPS address for the new one.
2. Select Devices > All Devices, choose the device to be replaced, and then select Edit > Details > Replace Device.
3. After Devices - Replace Device dialog displays, enter the information for the new IPS device, and then click OK.

If all of the supplied information is correct, the models are the same and the TOS versions are the same, a progress dialog appears. When the replacement process is complete, a dialog appears and directs you to redistribute the appropriate versions of the IPS profiles.

Device replacement guidelines

The following table specifies device replacement options using the Device Replacement feature:

Current device	Can be replaced with
8400TX	8200TX or 8400TX
8200TX	8200TX or 8400TX
5500TX	5500TX, 8200TX, or 8400TX
1100TX	vTPS, 1100TX, or 5500TX
2200T	2200T, 5500TX, 8200TX, or 8400TX
440T	440T, 2200T, vTPS, 1100TX, or 5500TX
vTPS	vTPS, 440T, or 1100TX
7500NX	8200TX or 8400TX
7100NX	8200TX or 8400TX
6200NX	8200TX or 8400TX
5200NX	5500TX, 8200TX, or 8400TX
2600NX	5500TX, 8200TX, or 8400TX
6100N	8200TX or 8400TX
5100N	5500TX, 8200TX, or 8400TX
2500N	5500TX, 8200TX, or 8400TX
1400N	2200T or 5500TX
660N	440T, 2200T, vTPS, 1100TX, or 5500TX
330	440T, 2200T, vTPS, 1100TX, or 5500TX
110	440T, 2200T, vTPS, 1100TX, or 5500TX
Notes Replacing a higher throughput model with a lower throughput model risks data loss. For a full replacement to be successful, you cannot replace a Performance mode vTPS with a Normal mode vTPS. For SSL inspection, the replacement device must be capable of performing SSL inspection. These devices do not support SSL inspection: vTPS device deployed in Normal Mode, 440T, and 1100TX.

General clarifications

• X-Family devices are not supported as either device.
• Core Controller is not supported as either device.
• The old model cannot be running a newer TOS than the new model.
• Segments - Data loss occurs if the new device has fewer segments than the old device. For example, when a device with four segments is replaced by a device with two segments, events and settings related to the additional segments, if configured on the original device, are lost.
  • New model has more segments - Because the models are not the same and the new device has extra segments, the new segments are not configured. Extra segments are placed in the Default segment group.
  • New model has fewer segments - Because the models are not the same and the new device has fewer segments, the SMS cannot copy all segment/port setting to the new device. Therefore, the configuration of the common segments is copied and the remaining segments are dropped or removed from the SMS.
• DDoS - Possible data loss occurs if the new device does not support DDoS and the old device is configured for DDoS. If the new model is not the same as the old model:
  • And the old model supports DDoS and the new model does not, then DDoS functionality is removed.
  • Virtual segments are removed.
  • And the old model has more physical segments than the new model, information is lost.
• Profile distribution - Auto redistribution of profiles is not supported.
• Device users - A replacement device does not inherit device users. All device users must be added back manually.
• FIPS settings - You cannot replace FIPS Settings on a device.
• Remote authentication - RADIUS authentication settings and servers remain only if the replacement device supports RADIUS authentication. SMS authentication settings are not inherited when a TPS device replaces an IPS device.
• New model cannot use same IP address as old model - If the old model is still online, you cannot use the same IP address and must choose a different one for the new model. If the TOS versions are not the same, you must upgrade to the newer version. After you upgrade your IPS device, you can give the old device and new IP Address and place it in another area of the network.

Replace an IPS device with an NX device

• Port/segment info from the previous model is mapped to NX modules beginning with the module in the first NX slot.
• If the first NX slot does not contain a module, data from the previous model is lost.
• Data from the previous model is lost for any ports/segments that exceed the number of NX module ports/segments.

Replace an NX device with another NX device

• Port/segment info from the previous model is mapped to NX modules beginning with the module in the first NX slot.
• If either of the NX models has a different slot configuration, data may be lost.
• Data is not mapped to or from models with a blank slot and is lost.

Port configuration considerations

When you replace a device with another device that has a different port configuration, the SMS may attempt to push the port configuration for the old device to the new device. If this happens, unmanage the device, use the CLI or LSM to disable auto-negotiate for each port, and then remanage the device. You will need to redistribute any profile that was distributed to the device after you remanage it.
 

Old Device	New Device	Device Replace Behavior
IPS	IPS	No Change
IPS	IPS (NX-Platform)	All of the device configurations except for port configuration will be copied to the new device. The NX-Platform device I/O modules are very different from previous IPS devices.
IPS (NX-Platform)	IPS (NX-Platform)	All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied.
IPS (NX-Platform)	TPS (TX Series)	All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied.
TPS (TX Series)	TPS (TX Series)	All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied.