Table of contents
Topics on this page

Replace Network Security instances

To replace your Network Security instances, delete the original instance, then manage the new instance. Do not use a snapshot to replace a Network Security instance.


During the replacement process, traffic is continuously inspected, but you cannot modify the instances.

  1. To replace the instance in your environment, first create a new Network Security instance in the same AZ as your original instance using the latest AMI available.


    You can reuse the original ENIs for the new Network Security instance if you detach them from the original Network Security instance before you delete the original instance.

  2. Delete the original instance from the Network Security management interface.

  3. Reconfigure the new Network Security instance by running the command that you used to route traffic for inspection when you created your Network Security AMI instance.

  4. Distribute any policies or profiles that you used for the original instance, including Malware DV, to the new instance.

  5. Reroute the network traffic to the new Network Security instance by modifying the route tables with the new ENIs that were created for the new instance.