|
7 | 7 |
|
8 | 8 | Prework task list: |
9 | 9 | ****************** |
10 | | -1. Create the new sub-interface on the new L3out with access of [ping, FM]. |
| 10 | +1. Create the new sub-interface on the new L3out with access to [ping, FM]. |
11 | 11 | 2. Associate the new Sub-interface into existing Zone-interface / create the new Zone-interface. |
12 | | -3. Configure the static route next-hop to the new L3out. |
13 | | -4. Create/modify the access-list and update the prefixes into access-list. |
14 | | -5. Only update the new prefixes into the access-list, even if we run multiples time the same script, to avoid duplicate prefix entries in the access-list. |
15 | | -6. Create/update the route-map, finally associate the access-list into the route-map. |
16 | | -7. In OSPF, associate route-map filter on static redistribution. |
| 12 | +3. Configure the new static route with next-hop of new L3out. |
| 13 | +4. Create/modify the access-list and update the news prefixes into access-list. |
| 14 | +5. Condition: Append only the new prefix into access-list, even if we run multiples time the same script, this will avoid duplicate prefix entries in the access-list. |
| 15 | +6. Create/update the route-map, and then associate the access-list into route-map. |
| 16 | +7. In OSPF, associate route-map filter with static redistribution enabled. |
17 | 17 | 8. Push all the configuration to the Fortigate appliance. |
18 | 18 |
|
19 | | -Cutover plan: |
| 19 | +Cutover plan: Traffic will swithover via new L3out interface. |
20 | 20 | *********** |
21 | 21 | 1. Disable the current physical/vlan interface. |
22 | 22 | 2. Push all the configuration to the Fortigate appliance. |
23 | 23 |
|
24 | | -Rollback plan: |
| 24 | +Rollback plan: Traffic will swithover back to the old interface. |
25 | 25 | ************ |
26 | 26 | 1. Enable the current physical/vlan interface. |
27 | 27 | 2. Push all the configuration to the Fortigate appliance. |
0 commit comments