Replace a PA-7500 Series Firewall SFC in a NGFW Cluster
Expand all | Collapse all
Replace a PA-7500 Series Firewall SFC in a NGFW Cluster
Learn how to remove and replace a PA-7500 SFC in a NGFW clustering
configuration.
(
If the faulty SFC still works and the node is connected to
Panorama)
Suspend the node either by using Panorama or the following CLI command:
request cluster node state suspend.
Wait until the node is in the Suspended state. Verify the state using
the following CLI command: show cluster local
state.
Power off the firewall.
After the factory reset has completed, connect to the
MPC through the serial
console and re-configure the management IP address.
Commit the change and verify that there is a
management network connection.
Reconfigure your network settings such as hostname, management IP, and DNS
servers.
Connect to the firewall's management IP and retrieve the license for the
device. Upgrade the device to the same software version as the former node of
the cluster.
Reconfigure your Panorama server and
commit the changes.
Verify that the node is connected.
After the node has reconnected to Panorama, issue the following command to
initiate the cluster update to the node: request cluster-update name
[cluster_name]. Once the update is finished, the node
reboots.
Use either Panorama or the CLI to push the firewall cluster from Panorama to
the cluster on the node.
- Panorama— Select Commit, then
Push to Devices. Select the firewall cluster
tab, then Push the cluster configuration.
- CLI— Enter the following command: commit-all
firewall-cluster name [cluster_name].
Use the following command to monitor the
cluster setup progress: show cluster local
state.
Verify that all the nodes in the cluster are online by issuing the following
command: show cluster nodes.
From Panorama, re-push the template and device-group settings to the cluster.
Select Commit, then Push to
Devices.
