Update Forge Firewall/Firewall Manager image from PAYG to BOYL

[bruce-wh-li]

Describe the Issue To change license of firewall/firewall manager to BOYL in Forge

Additional Context

• Backup Firewall System Backup
• Update ASEA Configuration to point to BOYL AMI
• Update ASEA Config to increase DASD size for Firewall Manager
• Deploy Firewall/Firewall BOYL Change through AWS CI/CD
• Restore Firewall Backup
• Check SIC, CME, License, Contract, Overall Health No Firewall/Firewall Manager version will be changed. The scope is only to change AMI image from PAYG to BYOL.

Acceptance Criteria

• [x] BOYL AMI image is used
• [x] Firewall is up and running A set of pre-defined requirement that need to be met in order to mark the user story as “done”. See below for team agreement details.

[bruce-wh-li]

@12:48 2024-04-10, Firewall/Firewall Mgr System Backup and configuration saved and uploaded to S3 bucket.

[bruce-wh-li]

What happened to update firewall manager to BYOL AMI :

1. config.json modified to point to BYOL AMI image. state machine run a. firewall asg not appeared in smartconsole b. cme version 250 installation completed but startup script execution failure c. firewall manager ip address is changed d. "VE license is required" warning found in log
2. terminate firewall asg (PAYG) and re-run state machine
3. restore firewall backup e. firewall EC2 failed to boot up due to failed health check 1/2 (connectivity issue)

[bruce-wh-li]

Failed to curl to 169.254.169.254 magic ip address to retrieve metadata specific to the instance

[NickCorcoran]

We did get this working with trial licenses.