I'm about to set up a Warm Spare MX and have some questions. Today I'm using a single public IP-address for WAN communication and firewall NAT-rules. I only have one ISP today, but I have multiple public IP-addresses on the same network. The ISP can configure one more switch port for WAN communication to the Warm Spare.
My question is how to proceed with the installation steps.
I want to use the same public IP-address that is used today as VIP address in HA mode.
I guess that the first step would be to change primary WAN 1 on today’s MX to a new free IP address? Because the same address on WAN and VIP can’t be used in the HA solution?
Then set another free IP-address on the WAN1 for the Warm Spare MX.
Followed by configuring the Warm spare VIP setting in the GUI with the old public IP address.
And then connect the Warm spare through LAN to the same switch as the primary MX.
So, it gets the configuration and heartbeat before I connect the public WAN.
Can anyone confirm that I can make these changes without needing to reconfigure the primary NAT?
And then connect the Warm spare to the same switch as the primary MX. So, it gets the configuration and heartbeat before I connect the public WAN.
You're right on the money, except for that. The config comes from the cloud, not the other MX. Connect the WAN first to let it update and get config, then connect the LAN. It's OK for it to be split brain if the LAN isn't connected since it can't confuse clients. Once it has its firmware and config you can connect the LAN and VRRP will sort things out accordingly.
See, you connect the WAN of the new secondary, but not the LAN.
And then after it's all configured and upgraded by the cloud you can connect the LAN port. When the new secondary detects the VRRP heartbeats from the Primary it will settle into being the Standby unit.