You can change the control IP address of an Engine to a new address that belongs to the same network as the old address.
The new control IP addresses of IPS engines and Layer 2 Firewalls must always belong to the same network as the existing control IP
addresses. If management connectivity is no longer needed, change the control IP address in the Secure SD-WAN Manager and reinitialize the Engine through the command line using a new one-time password. For more details about the product and how to configure features, click Help or
press F1.
Steps
-
If you have an IP-address-bound license for the Engine, request a new Management Server POL code bound license at https://stonesoftlicenses.forcepoint.com.
This change is required, because IP-address-bound licenses are no longer supported.
-
Install and bind the new license to the Engine.
-
In the Engine Editor, create an interface for the new IP address and set the address as the backup control IP address.
-
Install the policy on the Engine.
From this point on, you can start using the new address in the network.
-
In the Engine Editor, set the old and new control IP addresses as the backup and primary control IP addresses, respectively.
Note: If your Engine cannot use the old and new control IP addresses simultaneously, remove the old control IP address from the
Interfaces pane in the Engine Editor. Also remove the corresponding network from the
Routing pane in the Engine Editor.
-
Click Save and Refresh.
-
Remove the old control IP address from the
Interfaces pane and the
Routing pane in the Engine Editor.
-
Click Save and Refresh again.
Note: If the connection with the Management Server is lost while you try to change IP addressing, run the Engine Configuration Wizard (sg-reconfigure) on the Engine command line. This action returns the Engine to
the initial configuration state and re-establishes initial contact between the Engine and the Management Server.