Hai all!
SO!
snazzy new internet upgrade happens... woohoo....
however now my firewall pair's wan interface is no longer fast enough to consume the additional bandwidth.
Fortunately, my firewall pair **DOES** have available and unutilized interfaces which ARE capable (copper 10G)
(I'm using the 10G SFP interfaces on it currently)
so in specific:
- igb0 **Heartbeat**
- igb1 **current WAN**
- igb2 **secondary unconfigured wan ((project for tomorrowland/not in scope here))**
- igb3 **virtual endpoint vlan**
- ixl0 *currently unused*
- ixl1 *currently unused*
- ixl2 **LAGG0.0**
- ixl3 **LAGG0.1**
- lagg0 (many vlan interfaces for internal traffic)
so both firewalls have the above rough topology.
essentially I want to identify the least problematic way to accomplish the goal of
move everything interacting with the physical connection 'igb1' to the physical connection 'ixl0'
on the firewall pair.
I can certainly cease using the standby for a bit
(ie power it off to prevent wobbly bits from making things harder than they need to be while reconfiguring)
but I'm not sure what the best way forward is...
I have a couple ideas, but before grabbing the scissors, blindfold, and running shoes, It felt prudent to reach out here and ask what others' experience has been.
anyone have any guidance or experience they care to share?
Schedule a maintenance window, then while connected from an internal interface go to
Interfaces > Assignments
change the WAN assignment from igb0 to ixl0, save, apply, done. I would reboot to be sure, hence the maintenance window.
That's the reason why there is an additional abstraction layer (Assignments) between IP addresses, rules, ... and physical interfaces. Everything configured for WAN will carry over, you are only changing the physical port.
I'd **HOPED** it would be this simple; but you know how it goes.... there's almosty always .....
Wibbly bits.
'this mostly works, unless you have HA configured alongside _service-here_ and....'
kinds of things ;)
(For example, if you set the heartbeat crossover interface to have an MTU > 1500 things can go kinda pear shaped)
appreciate the $.03. hopefully it'll be as straight forward as we want it to be ;)