Replace a Primary Threat Defense HA Unit with no Backup

Follow the steps below to replace a failed primary unit in the threat defense high availability pair. Failing to follow these steps can overwrite the existing high availability configuration.

Caution

Creating or breaking the threat defense high availability pair immediately restarts the Snort process on the primary and secondary devices, temporarily interrupting traffic inspection on both devices. Whether traffic drops during this interruption or passes without further inspection depends on how the target device handles traffic. See Snort Restart Traffic Behavior for more information. The system warns you that continuing to create a high availability pair restarts the Snort process on the primary and secondary devices and allows you to cancel.

Caution

Never move a disk from a sensor or management center to another device without reimaging the disk. This is an unsupported configuration and can break functionality.

Procedure


Step 1

Choose Force Break to separate the high availability pair; see Break a High Availability Pair.

Note

The break operation removes all the configuration related to HA from threat defense and management center, and you need to recreate it manually later. To successfully configure the same HA pair, ensure that you save the IPs, MAC addresses, and monitoring configuration of all the interfaces/subinterfaces prior to executing the HA break operation.

Step 2

Unregister the failed primary threat defense device from the management center.

Step 3

Register the replacement threat defense to the management center; see Prerequisites to Onboard a Device to Cloud-delivered Firewall Management Center.

Step 4

Configure high availability, using the existing secondary/active unit as the primary device and the replacement device as the secondary/standby device during registration; see Add a High Availability Pair.
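
An added example for the Note in Step 1 (not part of the original procedure and not vendor code): it extracts the per-interface IPs, MAC addresses, and monitoring state from saved running-config text so they can be re-entered after the break, and lists interfaces with no standby IP recorded. The ASA-style configuration syntax, the constructed sample text, and the function names are assumptions.

```python
import re

# Constructed sample in ASA-style running-config syntax (an assumption, not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 ip address 192.0.2.1 255.255.255.0 standby 192.0.2.2
 mac-address 0200.0000.0001 standby 0200.0000.0002
!
interface GigabitEthernet0/1
 nameif inside
 ip address 10.0.0.1 255.255.255.0 standby 10.0.0.2
!
interface GigabitEthernet0/1.100
 vlan 100
 nameif dmz
 ip address 10.0.100.1 255.255.255.0
!
no monitor-interface dmz
"""

FIELDS = ("nameif", "ip", "mask", "standby_ip", "mac", "standby_mac", "monitored")
IP_RE = re.compile(r"^ ip address (\S+) (\S+)(?: standby (\S+))?$")
MAC_RE = re.compile(r"^ mac-address (\S+)(?: standby (\S+))?$")
MON_RE = re.compile(r"^(no )?monitor-interface (\S+)$")

def snapshot_ha_interfaces(config):
    """Return {interface: settings}; monitored=None means no explicit line was present."""
    interfaces, by_name, current = {}, {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], dict.fromkeys(FIELDS))
        elif current is not None and line.startswith(" nameif "):
            current["nameif"] = line.split()[1]
            by_name[current["nameif"]] = current
        elif current is not None and (m := IP_RE.match(line)):
            current["ip"], current["mask"], current["standby_ip"] = m.groups()
        elif current is not None and (m := MAC_RE.match(line)):
            current["mac"], current["standby_mac"] = m.groups()
        elif m := MON_RE.match(line):
            if m.group(2) in by_name:
                by_name[m.group(2)]["monitored"] = m.group(1) is None
        elif not line.startswith(" "):
            current = None  # left the interface block
    return interfaces

def missing_standby_ip(snapshot):
    """Interfaces that have an IP address but no standby IP to restore."""
    return sorted(n for n, s in snapshot.items() if s["ip"] and not s["standby_ip"])
```

Store the returned dictionary outside both devices before choosing Force Break, since the break removes this configuration from the threat defense and the management center.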