Feature #16855
Add option to skip Nexus registration data from config.xml export.
Description
We've seen a couple tickets where importing a config into another firewall will cause it to be unable to register to a Nexus controller if both exported and imported config firewalls are trying to communicate, since the Nexus data identifiers are stored in the config file.
We should put a warning on this checkbox also to use the option if using Nexus and planning to import the config into a separate firewall.
Updated by Kris Phillips 2 days ago
- Status changed from New to Confirmed
I can confirm this would be very helpful. Several customers have restored config backups from one firewall to another one and forgotten to remove the <mim> section from the config. This causes things like the encryption keys to be the same for multiple firewalls and causes registration issues until you manually delete this section from the config and blow away the Nexus database.
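Until an export option exists, the manual step described in the comment above can be scripted. This is an added example, not part of the ticket or of pfSense code: it removes every `<mim>` element from an exported config.xml before the file is imported on a second firewall. The sample document and the child elements inside `<mim>` are constructed placeholders, and `strip_section` is a hypothetical helper name.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample export. The children of <mim> are placeholders,
# not the real schema; only the <mim> tag name comes from the ticket.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <version>constructed</version>
  <system><hostname>fw-a</hostname></system>
  <mim>
    <device_id>CONSTRUCTED-ID</device_id>
    <key>CONSTRUCTED-KEY</key>
  </mim>
</pfsense>
"""


def _prune(parent, tag):
    """Remove every descendant element named `tag`; return how many were cut."""
    removed = 0
    for child in list(parent):          # copy: we mutate while iterating
        if child.tag == tag:
            parent.remove(child)        # drops the whole subtree, keys included
            removed += 1
        else:
            removed += _prune(child, tag)
    return removed


def strip_section(xml_text, tag="mim"):
    """Return (cleaned_xml, removed_count) for a config.xml string."""
    root = ET.fromstring(xml_text)
    removed = _prune(root, tag)
    # Note: ElementTree re-serializes CDATA sections as escaped text,
    # which is equivalent XML but not byte-identical to the export.
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    # Usage: python strip_mim.py exported-config.xml cleaned-config.xml
    src, dst = sys.argv[1], sys.argv[2]
    with open(src, encoding="utf-8") as f:
        cleaned, count = strip_section(f.read())
    with open(dst, "w", encoding="utf-8") as f:
        f.write(cleaned)
    print(f"removed {count} <mim> section(s); wrote {dst}")
```

A count of 0 means the export carried no `<mim>` section. The script only cleans the config file; it does not touch the Nexus database mentioned in the comment.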
Updated by Marcos M about 9 hours ago
The issue is that there's no straightforward way to regenerate the necessary keys in case of a conflict between MIM devices. The solution to this is better left to the Nexus GUI.