Restoring a configuration backup from a cluster with different Network Interface Settings does not issue a warning that the network interfaces have been changed.

Article:TECH122457  |  Created: 2010-01-15  |  Updated: 2012-04-29  |  Article URL http://www.symantec.com/docs/TECH122457
Article Type
Technical Solution


Issue



You have a backup of a firewall configuration that has different Network Interface settings then the firewall where the configuration is being restored. The restore process does not issue a warning that the network interfaces have been changed. If the network interfaces do not match the rules that are defined in that configuration, the configuration will not activate.

Symptoms
After restoring a configuration from a firewall cluster with different network interface settings, no warning is issued that the network interfaces have been changed. If the network interfaces do not match the rules that are defined in that configuration, the configuration will not activate.


 


Cause



This is working as designed.


Solution



To resolve the issue you will need to modify the network interface settings or rules in the firewall and then save and activate the changes.

We recommend that you maintain current backups of your firewall's at regular intervals, both before and after making any other changes to the firewall configuration.

When restoring a configuration to the firewall, be sure to use the configuration that represents the last state of the firewall.



Technical Information
 

Reference: SGS_Administrators.pdf
Topic : High availability and load balancing using clusters.
Section : Validating backed up cluster configurations that use VIPs.

The document above gives the complete description of the scenario.
The document specifies as below:
"The restore process determines and issues a warning when rules with entities
that represent VIPs are present. If you want to validate the configuration,
regardless of the warning, the configuration may not validate, and you must
manually update your entities and rules to correct the situation."




 



Legacy ID



2010011508093054


Article URL http://www.symantec.com/docs/TECH122457


Terms of use for this information are found in Legal Notices