Doubling a Zyxel appliance for critical sites

GiuseppeR

Hello,

I bought and I'm going to buy some extra spare wheels for critical sites where I need to have a quick recovery for network management.

It is related to firewalls, switches and APs mainly.

Just to make you 2 examples.

1. A firewall of a customer goes down, maybe burned maybe failed I don't know. I have a large firewall (3-4 WANs) to give it to the customer temporarily, just to have the time to receive the one the customer chooses to pay. Is there a quick way to copy all the settings (LANs, VLANs, WANs etc.) and replace the small firewall with my larger firewall? It would be great to unscrew some screws, copy the config, attach some cables and everything is online in less than 30 mins.
2. I have a customer that goes from USGFLEX100 to USGFLEX200 and so on, is there a way to migrate every config from 100 to 200 with some clicks?

Please let me know, have a nice day

GiuseppeR

Hello everyone,

this is the solution to my question.

You have the CompanyABC where you have the firewall working.

Guess you have to replace a USG100 to go for a USG200.

So on Nebula webpage you have CompanyABC with USG100 that we are going to name like FirewallA.

You have to create a SiteB where to enable and configure and test the new firewall (the USG200 named FirewallB).

So this is the topology:

CompanyABC → SiteA → FirewallA

CompanyABC → SiteB → FirewallB

You copy all the configs from FirewallA to FirewallB and you can test them unplugging WAN and LAN cables directly on premise from FirewallA and plugging them to FirewallB.

Consider to put them in the same order regarding ports usage.

So you know that the new firewall is working properly with hardwares and connections you have.

You have to go to CompanyABC → Devices and there you remove FirewallA from SiteA.

No fear because you have cables plugged into FirewallB and everything is working.

SiteA will loose firewall, but you will keep your job because the transition is quite smooth.

Now you have to move FirewallB to SiteA (always from CompanyABC → Devices) and there you have to change site assignment.

The Nebula webpage will ask you to initialize FirewallB like it is fresh new, just unboxed.

Follow the wizard about zero configuration (so you will see a *.json sent you via email).

Feel safe because it seems that you are going to shit yourself but in reality the FirewallB just added to SiteA will work correctly once adopted in SiteA (about 5 minutes) without reconfiguring it from zero.

Now you have FirewallB working into SiteA.

Rename FirewallB accordingly to your needs.

Go to have a coffe and relax.

PS: the old firewall needs a reset, so erase it for safety and recycle it to be a green compliant IT

Zyxel_Cooldia

Hi @GiuseppeR ,

You can achieve this through Organization-wide > Organization-wide manage > Configuration management.
As for migration from USGFLEX100 to USGFLEX200, you need to set up from scratch; it is unable to migrate configuration directly from NCC.

GiuseppeR

Hi @Zyxel_Cooldia

Using "Organization-wide > Organization-wide manage > Configuration management" I can copy every setting but I have to double the site: so "Company > Site" could be synced to "Company > Site2"

So my temporary firewall could be set as Site2 to let the customer works while he decides what to buy.

In this case could be possible to sync the settings from USGFLEX100 to USGFLEX200 or it is unavailable in any scenario?

GiuseppeR

Hi @Zyxel_Cooldia

I added a second firewall to one of my Company.

I had to create a secondary site where to config the new firewall because it was impossible to add the newer firewall to the active site (where I have APs, Switches and so on).

Have I to configure the firewall in the secondary site, then remove the old firewall from the first site, then add the secondary firewall (just configured) to the first site?

During this process my config (WANs, LANs IPs etc.) are going to be lost?

Thanks in advance

GiuseppeR

Hello everyone,

this is the solution to my question.

You have the CompanyABC where you have the firewall working.

Guess you have to replace a USG100 to go for a USG200.

So on Nebula webpage you have CompanyABC with USG100 that we are going to name like FirewallA.

You have to create a SiteB where to enable and configure and test the new firewall (the USG200 named FirewallB).

So this is the topology:

CompanyABC → SiteA → FirewallA

CompanyABC → SiteB → FirewallB

You copy all the configs from FirewallA to FirewallB and you can test them unplugging WAN and LAN cables directly on premise from FirewallA and plugging them to FirewallB.

Consider to put them in the same order regarding ports usage.

So you know that the new firewall is working properly with hardwares and connections you have.

You have to go to CompanyABC → Devices and there you remove FirewallA from SiteA.

No fear because you have cables plugged into FirewallB and everything is working.

SiteA will loose firewall, but you will keep your job because the transition is quite smooth.

Now you have to move FirewallB to SiteA (always from CompanyABC → Devices) and there you have to change site assignment.

The Nebula webpage will ask you to initialize FirewallB like it is fresh new, just unboxed.

Follow the wizard about zero configuration (so you will see a *.json sent you via email).

Feel safe because it seems that you are going to shit yourself but in reality the FirewallB just added to SiteA will work correctly once adopted in SiteA (about 5 minutes) without reconfiguring it from zero.

Now you have FirewallB working into SiteA.

Rename FirewallB accordingly to your needs.

Go to have a coffe and relax.

PS: the old firewall needs a reset, so erase it for safety and recycle it to be a green compliant IT