Replace the Network Module with a Different Type

If you replace a network module with a different type, then a reboot is required. If the new module has fewer interfaces than the old module, you will have to manually remove any configuration related to interfaces that will no longer be present.

For clustering or High Availability, you can only perform chassis operations on the control node/active unit.

Before you begin

For High Availability, you cannot disable a network module if the failover link is on the module. You will have to break High Availability (see Break a High Availability Pair), which means you will have downtime when you reboot the active unit. After the units finish rebooting, you can reform High Availability.

Procedure

Step 1	For clustering or High Availability, perform the following steps. Clustering—To avoid downtime, you can break each node one at a time so it is no longer in the cluster while you perform the network module replacement. You will add the node back to the cluster after you perform the replacement. High Availability—To avoid failing over when you replace the network module, disable interface monitoring for interfaces on the network module. See Configure Standby IP Addresses and Interface Monitoring.
Step 2	From Devices > Device Management, click Manage in the Chassis column. For clustering or High Availability, this option is only available for the control node/active unit; network module changes are replicated to all nodes. Manage Chassis The Chassis Operations page opens for the device. This page shows physical interface details for the device.
Step 3	On the interfaces graphic, click the slider () to disable the network module. Disable the Network Module Do not save any changes on the Interfaces page. Because you are replacing the network module, you do not want to disrupt any existing configuration.
Step 4	You are prompted to confirm that you want to turn the network module off. Click Yes. Confirm Disable
Step 5	On the device, remove the old network module and replace it with the new network module according to the hardware installation guide.
Step 6	Reboot the firewall; see Shut Down or Restart the Device. For clustering or High Availability, reboot the data nodes/standby unit first, and wait for them to come back up. Then you can change the control node or active unit (see Switch the Active Peer in the Threat Defense High Availability Pair), and reboot the former control node/active unit.
Step 7	In the management center, click Sync Modules to update the page with the new network module details.
Step 8	Enable the new module by clicking the slider (). Enable the Network Module
Step 9	You are prompted to confirm that you want to turn the network module on. Click Yes. Confirm Enable
Step 10	Click the link in the message at the top of the screen to go to the Interfaces page to save the interface changes. Go to Interface Page
Step 11	If the network module has fewer interfaces: At the top of the Interfaces page, click Click to know more. The Interface Changes dialog box opens. View Interface Changes Interface Changes Click Validate Changes to make sure your policy will still work with the interface changes. If there are any errors, you need to change your policy and rerun the validation. Deleting an interface that is used in your security policy can impact the configuration. Interfaces can be referenced directly in many places in the configuration, including access rules, NAT, SSL, identity rules, VPN, DHCP server, and so on. Deleting an interface will delete any configuration associated with that interface. Policies that refer to security zones are not affected. Click Close to return to the Interfaces page.
Step 12	To change the interface speed, see Enable the Physical Interface and Configure Ethernet Settings. The default speed is set to Detect SFP, which detects the correct speed from the SFP installed. You only need to fix the speed if you manually set the speed to a particular value and you now need a new speed.
Step 13	Click Save to save the interface changes to the firewall.
Step 14	If you had to change any configuration, go to Deploy > Deployment and deploy the policy. You do not need to deploy just to save the network module changes.
Step 15	For clustering or High Availability, perform the following steps. Clustering—Add the node back to the cluster. High Availability—Reenable interface monitoring for interfaces on the network module. See Configure Standby IP Addresses and Interface Monitoring.