Hi all,
I am preparing an ASG220 for a replacement of an old Checkpoint 4.1.
As the customers network is quite complex and the downtime has to be minimized I wondered what to do with the arp.
We plan to replace the appliance at 5 p.m. and have only time until 6 p.m.
If the main function then do not work properly we have to switch back to the old CP.
So there are quite some switches and router (probably old and each different) that have arp entries of the old CP firewall.
The easiest way to avoid having to reboot the switches/router seems to prepare the ASG220 interfaces with the mac address of the old CP firewall.
I found a thread that describes the howto:
[SIZE=2][/SIZE]https://community.sophos.com/products/unified-threat-management/astaroorg/f/52/t/25562
[SIZE=2]Here are your exact steps to modify Astaro's boot sequence (NIC Initialization) for MAC spoofing:
1) log into the console as root (or ssh, then su to root)
2) type, "source /etc/profile" (get yourself a nicer environment)
3) type, "vi /etc/init.d/initnics"
4) insert line, "ip link set eth1 address 00:90:27:99:4E:96 >/dev/null 2>&1", above the line, "/usr/local/bin/setitfhw.pl >/dev/null 2>&1" (use your nic and mac address though)
5) save the script, and reboot
6) enjoy your cleanly hacked system
As I do not want to loose the support I wonder if that modification would be tolerable by Astaro or if there would be a different method to avoid arp problems while we replace the box.
Any Ideas and comments are welcome.
Cheers
Christo
[/SIZE]
This thread was automatically locked due to age.