Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

TippingPoint Device Replacement Matrix

    • Updated:
    • 18 Jul 2019
    • Product/Version:
    • Platform:
Summary
The SMS provides a convenient option that allows you to replace an existing device and have the new device function exactly the same as the old device. If you are replacing the same model with another model and both devices have the same TOS, the one-to-one replacement is straightforward.

There are certain limitations based on device features. For example, If you replace an IPS device that supports DDoS with an IPS device that does not support DDoS, data might be lost. When you replace a device, the events from the previous device are preserved. However, previously installed TOS versions, rollback versions, and snapshots are reset using the new (replaced) device as a starting point.
Details
Public
Procedure
  1. Remove the replacement device from the box and complete the Out of Box Experience (OBE) instructions using the old IPS address for the new one.
  2. Select Devices > All Devices, choose the device to be replaced, and then select Edit > Details > Replace Device.
  3. After Devices - Replace Device dialog displays, enter the information for the new IPS device, and then click OK.
If all of the supplied information is correct, the models are the same and the TOS versions are the same, a progress dialog appears. When the replacement process is complete, a dialog appears and directs you to redistribute the appropriate versions of the IPS profiles.

Device replacement guidelines

The following table specifies device replacement options using the Device Replacement feature:
Current deviceCan be replaced with
8400TX8200TX or 8400TX
8200TX8200TX or 8400TX
5500TX5500TX, 8200TX, or 8400TX
1100TXvTPS, 1100TX, or 5500TX
2200T2200T, 5500TX, 8200TX, or 8400TX
440T440T, 2200T, vTPS, 1100TX, or 5500TX
vTPSvTPS, 440T, or 1100TX
7500NX8200TX or 8400TX
7100NX8200TX or 8400TX
6200NX8200TX or 8400TX
5200NX5500TX, 8200TX, or 8400TX
2600NX5500TX, 8200TX, or 8400TX
6100N8200TX or 8400TX
5100N5500TX, 8200TX, or 8400TX
2500N5500TX, 8200TX, or 8400TX
1400N2200T or 5500TX
660N440T, 2200T, vTPS, 1100TX, or 5500TX
330440T, 2200T, vTPS, 1100TX, or 5500TX
110440T, 2200T, vTPS, 1100TX, or 5500TX
Notes
  1. Replacing a higher throughput model with a lower throughput model risks data loss.
  2. For a full replacement to be successful, you cannot replace a Performance mode vTPS with a Normal mode vTPS.
  3. For SSL inspection, the replacement device must be capable of performing SSL inspection. These devices do not support SSL inspection: vTPS device deployed in Normal Mode, 440T, and 1100TX.

General clarifications
  • X-Family devices are not supported as either device.
  • Core Controller is not supported as either device.
  • The old model cannot be running a newer TOS than the new model.
  • Segments - Data loss occurs if the new device has fewer segments than the old device. For example, when a device with four segments is replaced by a device with two segments, events and settings related to the additional segments, if configured on the original device, are lost.
    • New model has more segments - Because the models are not the same and the new device has extra segments, the new segments are not configured. Extra segments are placed in the Default segment group.
    • New model has fewer segments - Because the models are not the same and the new device has fewer segments, the SMS cannot copy all segment/port setting to the new device. Therefore, the configuration of the common segments is copied and the remaining segments are dropped or removed from the SMS.
  • DDoS - Possible data loss occurs if the new device does not support DDoS and the old device is configured for DDoS. If the new model is not the same as the old model:
    • And the old model supports DDoS and the new model does not, then DDoS functionality is removed.
    • Virtual segments are removed.
    • And the old model has more physical segments than the new model, information is lost.
  • Profile distribution - Auto redistribution of profiles is not supported.
  • Device users - A replacement device does not inherit device users. All device users must be added back manually.
  • FIPS settings - You cannot replace FIPS Settings on a device.
  • Remote authentication - RADIUS authentication settings and servers remain only if the replacement device supports RADIUS authentication. SMS authentication settings are not inherited when a TPS device replaces an IPS device.
  • New model cannot use same IP address as old model - If the old model is still online, you cannot use the same IP address and must choose a different one for the new model. If the TOS versions are not the same, you must upgrade to the newer version. After you upgrade your IPS device, you can give the old device and new IP Address and place it in another area of the network.
Replace an IPS device with an NX device
  • Port/segment info from the previous model is mapped to NX modules beginning with the module in the first NX slot.
  • If the first NX slot does not contain a module, data from the previous model is lost.
  • Data from the previous model is lost for any ports/segments that exceed the number of NX module ports/segments.
Replace an NX device with another NX device
  • Port/segment info from the previous model is mapped to NX modules beginning with the module in the first NX slot.
  • If either of the NX models has a different slot configuration, data may be lost.
  • Data is not mapped to or from models with a blank slot and is lost.
Port configuration considerations

When you replace a device with another device that has a different port configuration, the SMS may attempt to push the port configuration for the old device to the new device. If this happens, unmanage the device, use the CLI or LSM to disable auto-negotiate for each port, and then remanage the device. You will need to redistribute any profile that was distributed to the device after you remanage it.
 
Old DeviceNew DeviceDevice Replace Behavior
IPSIPSNo Change
IPSIPS (NX-Platform)All of the device configurations except for port configuration will be copied to the new device. The NX-Platform device I/O modules are very different from previous IPS devices.
IPS (NX-Platform)IPS (NX-Platform)All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied.
IPS (NX-Platform)TPS (TX Series)All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied.
TPS (TX Series)TPS (TX Series)All of the device configurations are copied to the new device if the I/O module types are the same. If the I/O module types are different, then the port configuration will not be copied.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000137647
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.