You can change the control IP address of an Secure SD-WAN Engine to a new address that belongs to the same network as the old address.
The new control IP addresses of IPS engines and Layer 2 Engines must always belong to the same network as the existing control IP
addresses. If management connectivity is no longer needed, change the control IP address in the SMC and reinitialize the Secure SD-WAN Engine through the command line using a new one-time password. 
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
If you have an IP-address-bound license for the Secure SD-WAN Engine, request a new Management Server POL code bound license at https://stonesoftlicenses.forcepoint.com.
This change is required, because IP-address-bound licenses are no longer supported.
-
Install and bind the new license to the Secure SD-WAN Engine.
-
In the Engine Editor, create an interface for the new IP address and set the address as the backup control IP address.
-
Install the policy on the Secure SD-WAN Engine.
From this point on, you can start using the new address in the network.
-
In the Engine Editor, set the old and new control IP addresses as the backup and primary control IP addresses, respectively.
Note: If your Secure SD-WAN Engine cannot use the old and new control IP addresses simultaneously, remove the old control IP address from the
Interfaces pane in the Engine Editor. Also remove the corresponding network from the
Routing pane in the Engine Editor.
-
Click
Save
and Refresh.
-
Remove the old control IP address from the
Interfaces pane and the
Routing pane in the Engine Editor.
-
Click Save
and Refresh again.
Note: If the connection with the Management Server is lost while you try to change IP addressing, run the Secure SD-WAN Configuration Wizard (sg-reconfigure) on the Secure SD-WAN Engine command line. This action returns the Secure SD-WAN Engine to
the initial configuration state and re-establishes initial contact between the Secure SD-WAN Engine and the Management Server.