Procedure for replacing a core or satellite UTM with an existing VPN configuration (ASC)

New article with version: 2.5

This article refers to a Beta version
Access: portal.securepoint.cloud → Unified Security Console → VPN configuration

Introduction

This function offers the option of replacing the core as well as a satellite UTM in an existing VPN configuration (Adaptive Secure Connect ASC) without losing settings or even having to create a new VPN configuration.

This makes it possible, for example, to replace a faulty or failed UTM in a VPN configuration so that this configuration works again.

It is irrelevant whether the UTM to be replaced is online or not.
It is not possible to replace a Satellite UTM directly with a Core UTM and vice versa. This requires a third UTM as a placeholder UTM.

Necessity of backups

Before the UTM is exchanged, it is strongly recommended to create a new backup of the old UTM!
It is irrelevant whether it is a manual backup (more information on this in this Wiki article) or a cloud backup.
Note: No backup, no pity!

General procedure

Procedure for replacing a UTM:

  1. Check that the backup of the old UTM is up to date
  2. Under Actions, select Exchange UTM for the core/satellite UTM to be exchanged
  3. In the Replace Core-UTM or Replace Satellite-UTM dialog box, select the new UTM for the UTM option
  4. If desired, the core/satellite UTM can be edited; see edit Core-UTM or edit Satellite-UTM
  5. Click Save and then click Publish to publish the change to the VPN configuration

Replace failed UTM

To replace a failed UTM that is integrated in a VPN configuration, either a cloud backup or a local backup is required.
There are two ways to restore this backup to a UTM and thus replace the failed UTM with a new UTM.

Option 1: Cloning

The cloud backup of the failed UTM is uploaded to a new UTM. This UTM is cloned, so to speak. This is the procedure for this option:

  1. Set up a new UTM and use the license of the failed UTM when setting up this UTM
  2. The new UTM should be in the same environment as the failed UTM
  3. Download the last (that is, the most recent) cloud backup of the failed UTM
  4. Install this cloud backup on the new UTM
    • If the UTM configuration of the cloud backup is included in the VPN configuration, it will be used again for this purpose
  5. Replace the failed UTM with the cloned UTM
If a UTM was cloned with an outdated backup, errors may occur in the VPN configuration of core UTMs due to missing configurations of satellites or roadwarriors, which are displayed when the topology is published. In this case, errors can also occur with satellites when publishing.

Option 2: Exchange with another UTM

Download the latest (that is, the most recent) cloud backup from the Reseller Portal (RSP); for more information, see the following wiki article. Alternatively, use a locally backed up configuration.
  1. Load this configuration onto the UTM that is to serve as a replacement and then activate this configuration
  2. The replacement UTM should be in the same environment as the failed UTM
  3. In the Unified Security Portal (USP), under Unified Security Console → VPN configuration, select the VPN configuration (ASC) with the failed UTM
  4. Replace the failed UTM with the replacement UTM
If the core UTM is to be replaced, the imported backup must contain the VPN configuration for all currently integrated satellites and pools. The backup of a satellite UTM must also already contain the information for the integration of this UTM into the VPN configuration.
Always use the last backup that was created!

Configuration not available

If a corresponding configuration from a (cloud) backup is not available, the exchange via the portal is prevented.
The following is then necessary:

  • Failed UTM integrated as a satellite: This UTM is removed from the configuration and a new UTM is added
  • Failed UTM integrated as Core: The entire configuration must be deleted and recreated

UTM rules

  • If all required network objects are present in the backup, the created rules remain included and can be republished after the exchange
  • If network objects are missing, the affected rules are marked accordingly with an error
If the configuration is published, these rules are ignored.
It is possible to edit these rules and select or create other network objects so that these rules are also valid again and can be published.