The MX Security Appliance can be configured to act as a warm spare, where a primary MX will "gracefully" fail over to a pre-configured, online secondary appliance. However, if a primary MX fails before a secondary was pre-configured as a spare, the network admin must perform a “cold spare” swap by cloning the original MX's configuration and swapping in the replacement appliance. This article outlines the full procedure for an MX cold swap.
Any local settings such as static IP addresses, proxies, and non-standard link speed will need to be configured manually on the local status page before the MX can connect to Dashboard. These should be copied from the faulty MX (if available).
Note: If the MX is performing DHCP and any downstream devices are configured to detect/contain rogue DHCP servers, be sure to whitelist the MAC address of the new MX.
A Dashboard Network can only contain one MX at a time. To make room for the new MX, the Network Administrator will have to remove the current MX. Please note that the network will retain the old MX's non-local configuration, so the replacement MX does not need to be reconfigured in Dashboard.
Once the faulty MX is removed, there is now space in the network to add the replacement MX.
If this security appliance was previously configured to use site-to-site VPN, that functionality will need to be re-enabled under Configure > Site-to-site VPN. Simply change the Mode to Full-tunnel or Split-tunnel, dependent on the desired mode of operation.
Since licensing applies on an organization-wide level this procedure should not invalidate licensing compliance.
Note: If the replacement MX is still not reporting in on Dashboard or 1:1 NAT is not working you may need to clear the upstream modem's ARP cache.