Change Both Management Center and Threat Defense IP Addresses

You might want to change both management center and threat defense IP addresses if you need to move them to a new network.

Procedure


Step 1

Disable the management connection.

For a high-availability pair or cluster, perform these steps on all units.

  1. Choose Devices > Device Management.

  2. Next to the device, click Edit (edit icon).

  3. Click Device, and view the Management area.

  4. Disable management temporarily by clicking the slider so it is disabled (slider disabled).

    Disable Management

    You are prompted to proceed with disabling management; click Yes.

Step 2

Change the device IP address in the management center to the new device IP address.

You will change the IP address on the device later.

For a high-availability pair or cluster, perform these steps on all units.

  1. Edit the Remote Host Address IP address and optional Secondary Address (when using a redundant data interface) or hostname by clicking Edit (edit icon).

    Edit Management Address
  2. In the Management dialog box, modify the name or IP address in the Remote Host Address field and the optional Secondary Address field, and click Save.

    Management IP Address

Step 3

Change the management center IP address.

Caution

Be careful when making changes to the management center interface to which you are connected; if you cannot re-connect because of a configuration error, you need to access the management center console port to re-configure the network settings in the Linux shell. You must contact Cisco TAC to guide you in this operation.

  1. Choose System (system gear icon) > Configuration, and then choose Management Interfaces.

  2. In the Interfaces area, click Edit next to the interface that you want to configure.

  3. Change the IP address, and click Save.

Step 4

Change the manager IP address on the device.

For a high-availability pair or cluster, perform these steps on all units.

  1. At the threat defense CLI, view the management center identifier.

    show managers

    Example:

    
    > show managers
    Type                      : Manager
    Host                      : 10.10.1.4
    Display name              : 10.10.1.4
    Identifier                : f7ffad78-bf16-11ec-a737-baa2f76ef602
    Registration              : Completed
    Management type           : Configuration
     
  2. Edit the management center IP address or hostname.

    configure manager edit identifier {hostname {ip_address | hostname} | displayname display_name}

    If the management center was originally identified by DONTRESOLVE and a NAT ID, you can change the value to a hostname or IP address using this command. You cannot change an IP address or hostname to DONTRESOLVE.

    Example:

    
    > configure manager edit f7ffad78-bf16-11ec-a737-baa2f76ef602 hostname 10.10.5.1
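
The two substeps above chain together: the identifier read from show managers is the argument to configure manager edit. The following is an added example, not Cisco code, that parses that output and builds the command only after validating the new address. The function names are hypothetical, and treating each "Type" line as the start of a new manager record is an assumption.

```python
import ipaddress
import re

# Constructed input: the `show managers` output from the example in Step 4.
SAMPLE = """\
Type                      : Manager
Host                      : 10.10.1.4
Display name              : 10.10.1.4
Identifier                : f7ffad78-bf16-11ec-a737-baa2f76ef602
Registration              : Completed
Management type           : Configuration
"""
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(rf"(?=.{{1,253}}$){LABEL}(\.{LABEL})*", re.I)

def parse_managers(text):
    """Return one dict per manager. Assumption: each record starts at 'Type'."""
    managers = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so IPv6 values survive
        if sep:  # skip prompt and blank lines
            key = key.strip()
            if key == "Type" or not managers:
                managers.append({})
            managers[-1][key] = value.strip()
    return managers

def validate_target(new_host):
    """Accept an IP address or hostname; reject values the edit step cannot take."""
    if new_host.upper() == "DONTRESOLVE":
        raise ValueError("cannot change an address or hostname to DONTRESOLVE")
    try:
        ipaddress.ip_address(new_host)
    except ValueError:
        # A mistyped IPv4 address (10.10.5.999) would otherwise pass as a hostname.
        if re.fullmatch(r"[0-9.]+", new_host) or not HOST_RE.fullmatch(new_host):
            raise ValueError(f"not a valid IP address or hostname: {new_host!r}") from None

def build_edit_command(managers, old_host, new_host):
    """Build the Step 4 command for the single manager currently at old_host."""
    validate_target(new_host)
    matches = [m for m in managers if m.get("Host") == old_host]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} managers match host {old_host!r}")
    ident = matches[0].get("Identifier", "")
    if not UUID_RE.fullmatch(ident):
        raise ValueError(f"unexpected identifier format: {ident!r}")
    return f"configure manager edit {ident} hostname {new_host}"
```

Refusing to proceed unless exactly one manager matches the old host keeps the edit from landing on the wrong manager entry when more than one is listed.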
    
    

Step 5

Change the IP address of the manager access interface at the console port.

For a high-availability pair or cluster, perform these steps on all units.

If you use the dedicated Management interface:

configure network ipv4

configure network ipv6

If you use a data interface for manager access:

configure network management-data-interface disable

configure network management-data-interface

Step 6

Reenable management by clicking the slider so it is enabled (slider enabled).

For a high-availability pair or cluster, perform these steps on all units.

Enable Management Connection

Step 7

(If using a data interface for manager access) Refresh the data interface settings in the management center.

For a high-availability pair, perform this step on both units.

  1. Choose Devices > Device Management > Device > Management > Manager Access - Configuration Details, and click Refresh.

  2. Choose Devices > Device Management > Interfaces, and set the IP address to match the new address.

  3. Return to the Manager Access - Configuration Details dialog box, and click Acknowledge to remove the deployment block.

Step 8

Ensure the management connection is reestablished.

In the management center, check the management connection status on the Devices > Device Management > Device > Management > Manager Access - Configuration Details > Connection Status page.

At the threat defense CLI, enter the sftunnel-status-brief command to view the management connection status.

The following status shows a successful connection for a data interface, showing the internal "tap_nlp" interface.

Connection Status

Step 9

(For a high-availability management center pair) Repeat configuration changes on the secondary management center.

  1. Change the secondary management center IP address.

  2. Specify the new peer addresses on both units.

  3. Make the secondary unit the active unit.

  4. Disable the device management connection.

  5. Change the device IP address in the management center.

  6. Reenable the management connection.