Best practice for preparing a back up FWG?

Follow

David Rothenberger

• August 18, 2022 17:17

I have been using a FWG for a couple of months now, and absolutely love it, but recently, I became worried about what would happen if it fails, so I purchased another FWG as a back-up.

What is the best practice for preparing this unit as a back-up unit that I can swap in for the primary unit if it fails? Should I leave it in the box and untouched until I need it? Should I connect it to my network and pair the app with it?

Any suggestions would be appreciated.

0

• 

  Michael Bierman

  • August 18, 2022 17:18

  You could look at Migrating the settings from the current one to the backup. https://help.firewalla.com/hc/en-us/articles/360015356093-How-to-migrate-data-from-one-Firewalla-Box-to-another-

  0

  Comment actions Permalink
• 

  David Rothenberger

  • August 18, 2022 17:33

  Thanks for the response, Michael.

  Can you see any reason to "migrate" to the back-up box before the primary box fails? It doesn't seem to me like there would be any value in doing so.

  0

  Comment actions Permalink
• 

  Michael Bierman

  • August 18, 2022 22:16

  Yes, the idea would be all rules, devices, Groups etc would already in place and it would be nearly unnoticeable if you had to swap in a new box. 
  
  If I had an environment where uptime was critical and money wasn't an issue I would consider having a backup Firewalla that I regularly "sync" to the primary one so that I could plug it in and it would be ready to go. 

  0

  Comment actions Permalink
• 

  David Rothenberger

  • August 18, 2022 22:35

  Uptime is not critical -- I can handle an hour downtime to switch over. Money is an issue, but since I work from home and since it takes over a week to deliver a new FWG, I really can't afford an FWG failure without having a back-up.

  (I replaced a custom-built Linux VM with the FWG, and the Linux VM is no longer around, so I don't have a back-up at all. I don't even have a simple router from my ISP.)

  I guess I'll try swapping to the back-up device and then back to the primary this weekend, to get familiar with the process and to see how long the migration actually takes. That should help me decide how frequently I need to "sync" the back-up device.

  Thanks again for your input, Michael.

  0

  Comment actions Permalink
• 

  Michael Bierman

  • August 18, 2022 22:45
  • Edited

  Migration takes only a few minutes. You can hook up FW2 behind FW1 and tell it to migrate. You could do that 1/week or whenever you make substantial changes (new rules, new devices, whatever.) I don't think it will get in the way of FW1 working so you can start the process and continue with your work. 

  Sticking in a "clean" firewalla on the other hand will be somewhat disruptive. things won't work as you might expect if you have any kind of customizations, rules, etc. 

  0

  Comment actions Permalink
• 

  David Rothenberger

  • August 18, 2022 23:20

  I followed your advice and everything worked out well. I simply connected the WAN port of FW2 to the network managed by FW1, and set it up that way, including migrating the config from the app and copying my customizations over. FW1 was not affected at all.

  I did not connect the LAN port, but everything worked okay anyway. I would have to do a little configuration to do the swap, since my FW1 has a 3 port LAG for LAN, but that should be easy and quick.

   

  0

  Comment actions Permalink

Please sign in to leave a comment.