Prisma SD-WAN
Replace a FIPS-enabled ION Device
Table of Contents
Replace a FIPS-enabled ION Device
Replace a Prisma SD-WAN ION device to begin the RMA process.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Before you begin the RMA process:
- Make sure that the replacement device is able to connect to the Prisma SD-WAN controller. This may require you to have access to
the device through the web interface or have the device connected to an out of
band management network.
- If the device is able to get an IP through DHCP on the Internet / Used for Public port which allows it to connect to the Prisma SD-WAN controller, then no action is required and the device should come online automatically.
- If the device is able to get an IP through DHCP on the Controller port which allows it to connect to the Prisma SD-WAN controller, then no action is required and the device should come online automatically.
- If the device needs to have an IP configured statically on the Internet / Used for Public or Controller port, then you must console into the device and configure the IP address.
- Make sure that you have out-of-band access available for the replacement device to connect to the Prisma SD-WAN controller.
- If the out-of-band access is using DHCP to acquire IP addresses, connect the circuit to the internet port and wait till the replacement device comes online, before replacing the failed device.
- If the IP address needs to be statically configured, console into the device and configure the IP address for the controller or the internet port.
- Ensure the following with the replacement device:
- It is in a claimed and online state, and visible under .
- It is the same device model and has matching bypass pairs as that of the failed device.
- It has the same software version as that of the failed device.
- The RMA wizard attempts to transfer all configurations from the failed device to
the replacement device. However, there are a few conditions that requires manual
intervention. The RMA wizard transfers all configurations with the exception of
the particular configuration items listed in the scenarios below.
- Public/Internet Interface—If the replacement device internet or used-for-public interface is pre-configured with Static IP configuration, the RMA wizard will not overwrite this configuration in the replacement device. In addition, if this interface is a potential member of a bypass pair or a virtual interface, then the bypass pair or the virtual interface will not be created in the replacement device.
- PPPoE—If the replacement device is pre-configured with PPPoE interfaces, the RMA wizard will not update or remove any existing PPPoE interfaces from the replacement device.
- Bypass Pairs—If the WAN port of a decoupled hardware bypass pair and the controller port on the failed device is DHCP-configured, then any matching bypass pairs on the replacement device will not be decoupled and the configuration of its member ports will not be transferred over to the replacement device. In such an event, the bypass pair will have to be decoupled and its member ports configured manually after the RMA process.
- IPv6 Interface—If the existing device has IPv6 configured, then IPv6 interface address configurations will not be active on the replacement device. To activate the IPv6 interface address configurations on the replacement device, Admin Up/Down the interface for the replacement device and a new alarm DEVICEIF_IPV6_ADDRESS_DUPLICATE triggers as a reminder. In non-RMA scenarios DEVICEIF_IPV6_ADDRESS_DUPLICATE indicates duplicate address.
- Advanced UI (Extension API)—If any of the Prisma SD-WAN
Advanced UI features reference a VPN ID, settings for the following
features will not be transferred over automatically. Contact Prisma SD-WAN Customer Support for assistance with
properly transferring over the settings to the replacement device.
- Bi-directional Forwarding Detection (BFD).
- Link Quality Monitoring (LQM)—Type (namespace) 'thresholds/lqm/media'.
- Application Performance Thresholds that reference an optional VPN path ID.
- Select , select the device you want to configure.From the ellipsis menu, select Replace the device to begin the RMA process.Select a replacement device.There may be multiple replacement devices, so make sure to select the correct device.Confirm that the devices are of the same model. For example, an ION 3000 device can only be replaced by another ION 3000 device, or a virtual device can only be replaced by another virtual device that consists of the same bypass pairs.Click Next to choose a Snapshot for the new device.The replacement device must be online and claimed for the Snapshot to be applied.After the snapshot is created, click Download Snapshot Before Continuing.Select Download to File or Copy to Clipboard as required.Click Next to continue after you have downloaded the snapshot.Assign the replacement device to the site.The RMA Wizard will take the site information from the failed device and transfer it to the replacement device. When the replacement device is assigned to the site and the faulty device is unassigned, the service may be affected temporarily.Click Next to proceed to configuring the device.Click Done when you have copied the manual configurations to complete the replacement process.The RMA Replacement Wizard automatically transfers the configuration from the old device to the new device. There may be flags for the functions that need to be manually configured. Configurations that are not copied will be listed in a text box.A final screen displays when the device is successfully configured. In case of any warnings, download the warnings before you exit the wizard.Click Done to finish the device replacement process.
