Challenge:
Upgrading an Aging Firewall System with End of Life Support
A company whose aging firewall system was nearing its End of Life (EoL) and had no support contract requested a hardware replacement or an upgrade to a newer firewall version. The challenge was to identify the best approach to ensure that the company’s network security was not compromised while minimizing disruption to the company’s operations.
Description and scope of work:
- To address the challenge, the project involved researching and evaluating the most suitable Palo Alto appliance for the company’s needs, based on factors such as performance, scalability, and cost-effectiveness. The project team then worked to install and configure the disaster recovery colocation, which involved identifying suitable hardware and software requirements, ensuring that the network architecture was suitable for the new firewall system, and testing the system to ensure that it met the necessary standards.
- The team also cloned the Palo Alto installation to the primary colocation, ensuring that the configuration was consistent across all locations. This included installing and configuring the firewall software, implementing security policies, and testing the system to ensure that it functioned correctly.
- Finally, the project team enabled stateful box2box High Availability (HA) for full, hitless redundancy, ensuring that active sessions and configurations were synchronized between the two colocations. This included testing the system to ensure that it met the company’s performance and security requirements.
Used tools and technologies:
To address the challenge of implementing a state-of-the-art firewall High Availability system with disaster recovery, the project team used various tools and technologies, including Palo Alto firewall appliances, network analyzers, diagnostic tools, and Pingdom.
Testing of the stateful HA pair against the company’s performance and security requirements used Pingdom to monitor system uptime and performance.
Achievements:
The project was successful in implementing a state-of-the-art firewall High Availability system with disaster recovery, which led to several achievements.
Firstly, installing the NG (Next Generation) firewall significantly improved security and provided more advanced features to prevent cyber threats. The new firewall also allowed the company to become HIPAA compliant, meeting the highest standards of patient data protection.
The project also resulted in a standard design and structure, avoiding vendor lock-in and providing better manageability. The combination of two different firewalls from two different vendors further improved security by diversifying the system and reducing the risk of a single point of failure.
Overall, this project allowed the company to improve its network security and meet compliance requirements while avoiding vendor lock-in and improving manageability. The use of multiple firewalls and Pingdom for monitoring further enhanced the system’s security and uptime, ensuring that the company’s critical operations remained protected at all times.