GROC - Shift Handover Report

Date

Shift

CustomerName

Ticket #/ Task
Name

5/3/2015

Quilter London

605/610

5/3/2015

Royal Surrey

405

5/3/2015

DollarDex

405

5/3/2015

BroadRoom

Cpinfo retrieve

5/3/2015

Quilter London

605/610

5/3/2015

DollarDex

405

5/3/2015
5/3/2015
5/3/2015
5/3/2015

N
N
N
N

Kodak Alaris Inc

Kodak Alaris Inc
GROC
GROC

Followup Call
598
Document Review
Document Review

6/3/2015
6/3/2015
6/3/2015
6/3/2015

M
M
M
M

GROC
PSG
BroadRoom
GROC

Document Review
Followup Call
Cpinfo retrieve
Internal Task

6/3/2015

GROC

Internal Task

6/3/2015
6/3/2015
6/3/2015

M
N
N

GROC
Boardroom
DollarDex

Internal Task
File upload
406

6/3/2015
6/3/2015

N
N

GROC
GROC

Internal Task
Internal Task

7/3/2015

Royal Surrey

405

7/3/2015

GROC

Internal Task

7/3/2015

DollarDex

448

7/3/2015

Kodak Alaris Inc

2523

7/3/2015
7/3/2015
8/3/2015

N
N
M

Kodak Alaris Inc

GROC
DollarDex

2526
Internal Task
405

8/3/2015

GROC

Internal Task

8/3/2015

GROC

Internal Task

8/3/2015

GROC

Internal Task

8/3/2015

GROC

Internal Task

9/3/2015
9/3/2015

M
M

GROC
Boardroom

Internal Task
Policy config

9/3/2015

GROC/PSG

Wiki pages

9/3/2015

TAD

536/537

9/3/2015

MDM

Reset Passwords

9/3/2015

Dollardex

405

10/3/2015
10/3/2015

M
M

Old Mutual
TAD

PSG#20291
536/537

10/3/2015

DollarDex

Ticket Update

10/3/2015
10/3/2015
10/3/2015
10/3/2015
10/3/2015
10/3/2015
10/3/2015

M
M
M
M
M
M
M

GROC
GROC
GROC
GROC
GROC
GROC
GROC

Internal Task
Internal Task
Internal Task
Internal Task
Kodak Rochester
15702 -Kodak Roches
Internal

11/3/2015

DollarDex

Ticket Update
618
619

11/3/2015
11/3/2015
11/3/2015

N
N
N

Royal Surrey
TAD
Kodak Alaris

537
2699

Description
New Customer enrollment
Troubleshooting session with Checkpoint
Customer asked to restrict management access to wan1 interface.
Copy Cpinfo file from customer firewall to Unix bastion host.
New Customer Enrollement
Customer asked to restrict management access to wan1 interface.
Followup call with PS Team
PIQ - Device Enrolment - HongKong
Process Document Review
Process Document Review

Process Document Review

Validated list of real customer person accounts in Prod PODs
Copy Cpinfo file from customer firewall to Unix bastion host.
Quilter - London Password change testing

Process Documenet Review

Quilter - London Jonathan customer portal access

Copy cpinfo file for analysis
Removal of "fwadmin" account based on ticket 405

Security Alerts from customers

Process Document Review
Royal Surrey ARP issue
Security Alerts from customers
FCKeditor.CurrentFolder.Arbitrary.File.Upload
e.g. ticket ID is #446 and several
other tickets
Windsor-Sec Interface 1/2 went down
Please make Kodak Alaris Wide Angle Account
steven.magginetti@kodakalaris.com an
administrator on wide angle.
Internal Task
To restrict Internet access to management interface

Process Document Review

Process Document Review
Security Alerts from customers

Process Document Review

Process Document Review

Customer requested to create policy rule on CMA
PSG requested to update customer contact list on wiki portal. Asked
to put first name and last name in two columns and comment on
group names

Upgrade firewalls of TAD to 5.0.11

Hiroki asked to reset the passwords for some users in a particular

customer.
Restrict the Fortigate webUI from outside access.
Worked with PSG to troubleshoot vpn connection between panorama
and the device
Uploaded the the 5.0.11 software to the Secondary Device
#448 Verified the rules that will be impacted when blocking Medium
Severity attacks
Process Document Review
Ticket Update/ Ticket Close
Validated list of real customer person accounts in Prod PODs
Verify Screen Shot
PIQ
VPN establishment for Kodak Rochester # 15702
Monthly Report - Feb
#448 Verified the rules that will be impacted when blocking Medium
Severity attacks
Add routes
Add new policy
Failover due to arp entries missing after policy push
Ticket Update
Global Protect connectivity issue

Action

Welcome kit and password SMS sent. Tried to follow up with L3 on the logging issue. Fixed so
was having in the customer portal.
Assisted Checkpoint on the troubleshooting session during the maintainance window. Debug
uploaded to the checkpoint.

Troubleshoot and analyze Fortigate configuration

Had a call with customer and they suggest 5pm for the operation. But they didn't send a con
follow up mail to the customer asking for the confirmation.
Coordinated L3 with logging issues and resloved same. Fixed issues related to customer port
PSG for portal related issues.
delivered ticket to customer with necessary information to resolve the issue.
Discussed about kodak HK pending tasks for delivering welcome kit
Welcome kit and password SMS sent as instructed by Park Warne
Reviewed two documents and everything looks good
Reviewed two documents and everything looks good
Documents reviewed 1.GROC Remote QA 24 Feb 2015
2.GROC_CPE_015_CheckPoint_FW_Provsn_updated_27Feb2015
3.GROC_NTT_009_CheckPoint_Cust_Device_Enrol_AdminPortal_updated_27Feb2015
4.GROC_NTT_007_CiscoASA_vFW_Deprovsn 27Feb 2015
Called PSG to follow Up on this request
Follow up for the window
Password change testing

Reviewed the following Documents

GROC_NTT_021_Fortinet_FW_Provsn 27Feb2015 GROC_NTT_023_Fortinet_FW_Deprovsn_ 27Feb2015 - Document is detailed.

GROC_NTT_026_CiscoASA_FW_Deprovsn 27Feb 2015 - Document is detailed.
GROC_NTT_034_PAN_FW_Deprovsn_updated_27Feb2015 - Document is detailed.
Verified his access and confirmed that he is configured to see all sections same as the other
Jonathan sent a failed change password testing.
Reset the initial password for Quilter contact person to eliminate any illegal characters on the
Sent the passwords via SMS.
Jonny confirmed he is now able to change password to customer portal.
Uploaded cpinfo file to Wideangle portal for analysis
Created child ticket and remove fwadmin account as per advice by us and confirmation of cu

12 different security alerts seen with our customers (the PDF output), who receive automated
GROC_NTT_021_Fortinet_FW_Provsn 27Feb2015
sent email followup if the issue has been replicated on their lab

Condolidated all the provided Security Alerts on PDF given by nightshift and created an excel
Block source IP 216.99.158.86 going to internal networks
Explain to customer that the profile is for monitor only for the IPS so the threat was detected
Follow up customer for any network issue pertaining to this

Change steven.magginetti@kodakalaris.com account accordingly

Process Document Review done and forwarded results to Thomas
Replied Alex's email and inform about the secondary IP in the WAN interface
Reviewed:
GROC_CPE_036_PAN_FW_Provsn_06Mar2015
GROC_CPE_037_PAN_FW_Deprovsn_06Mar2015
GROC_CPE_017_Fortinet_FW_Provsn_06March2015
GROC_CPE_018_Fortinet_FW_Deprovsn_06March2015
Reviewing: GROC_CPE_010_CheckPoint_FW_Provsn_updated_05Mar2015
Reorder the security alerts
Reviewed:
GROC_CPE_039_CiscoASA_5545_vFW_Provsn_06 March2015
GROC_CPE_014_CheckPoint_ColdSwap_updated_05Mar2015
GROC_CPE_016_Fortinet_ColdSwap 06 March 2015

Reviewed:
GROC_CPE_010_CheckPoint_FW_Provsn_updated_05Mar2015-2
GROC_CPE_029_CiscoASA_ColdSwap_06 March2015
GROC_NTT_019_Fortinet_ContentSecurity_PROVSN 06 March 2015
Added cpolicy rule for timesoft on customer CMA

Updated the Customer contact list on excel file.

Manually downloaded the OS image from Palo Alto site. Try uploading file to the device via Pa
not successful.Upload taken too long.
Request the downtime from customer for upgrade on 19th March

Reset passwords in Afaria AD and sent to Hiroki.

Remove the user access scope and restricted the webUI from internet access. Update the tic
close
Issue is already fixed

Informed Thomas and Alex about this request and Thomas advised to wait for his reply to clie
Reviewed the document GROC_NTT_080_Cisco_ASA_PCR_Handling_Procedures_03Dec2014.d
some screenshot that are different from the current ASA version we have.
Dollardex (#405,#448) RoyalSurrey(#594, #603, #593) KodakAlaris (#2526) DollarDex (#4
Updated the customer list based on PSG query and shared it to PSG
Verified with Alex and updated accordingly to requestor
Verified and Updated the PIQ with Brian info
Sent mail to PSF to work on VPN
Updated the report to Alex

Informed Chris that we are investigating this and will followup once we have a conclusion.
Add the route towards the Gateway(194.155.12.1) on both the Firewalls
New object creation for source vlan 252 (10.161.130.0/24) and destination xmlts.syhapp.third
Monitor RS citrix gateway and failover to secondary firewall
Inform customer of upgrade on March 17 17:00 CET (March 18 12:00 AM)
Ask for logs to further troubleshoot

Remark/ Follow up

Status

Follow up with L3 on logging issue

Have to follow up with Checkpoint on the
progress

Hand over to next shift

Completed for today
Maintainance window

Get advice from Alex

Hand over to next shift

Follow up with the customer

Hand over to next shift

Follow up with PSG & Customer

Hand over to next shift

Follow up with Customer

Hand over to next shift

Follow
Follow
Follow
Follow

Hand
Hand
Hand
Hand

up
up
up
up

with
with
with
with

PS Team
the customer
Team
Team

over
over
over
over

to
to
to
to

next
next
next
next

shift
shift
shift
shift

Follow up with Team to complete the pending

document
Hand over to next shift
Follow up with PSG
Hand over to next shift
Follow up with the customer
Hand over to next shift

GROC_NTT_021_Fortinet_FW_Provsn
27Feb2015 - Need to update the part where
Sunil instructed to provide steps how to
enable IPS/IDS and step by step guide in
creating policy. Need to get inputs from
someone that is more familiar with Fortinet.
Sending to the nextshift for continuation.

Follow up with L3
Follow up with Customer

Hand over to next shift

Hand over to next shift

Check Email IDS/IPS Alerts

Follow Up with Alex
Have to follow up with Checkpoint on the
progress
Need to do peer review on the excel file and
send to Thomas on Monday

Hand over to next shift

Follow up with Customer

Interface recovered - for monitoring
Follow up with Customer

Hand over to next shift

Follow up with Customer

Hand over to next shift

Follow up with Alex

Hand over to next shift

Hand over to next shift

Hand over to next shift

Hand over to next shift

Follow up with Team to complete the pending

document . This four document has done
reviewed and added my comment. The file is
in the computer's Dekstop.
Hand over to next shift
Complete up page 25. Please continue from
page 26.
Hand over to next shift
Peer Review. Will need to send to Thomas on
9th March Morning
Hand over to next shift

Follow up with Team to complete the pending

document . This three documents has done
reviewed and seems good.
Hand over to next shift

Documents sent to Thomas

Completed

Completed
None

Check with Alex on group name comments

Hand over to the next shift

Try to upload the file to Eu bastion hosts first

and upload to the device from there.
Hand over to the next shift

Completed

None

Follow up with the customer

Hand over to the next shift

Completed
Completed

Completed
Completed
Completed
Follow Up
Completed

(10.116.249.67 ) 2. New service object group creation TCP_443_44444

Hand over to the next shift

Handled by

Time taken

Siew/Ravi

12 hours

Ravi

3.5 hours

Siew

3 hours

Siew/Ravi
30 Minutes
Kishore/Manji
t
3 hours
Kishore
30 Minutes
Kishore/Manji
t
30 Minutes
Manjit
2 Hours
Kishore
1 Hour
Manjit
1 Hour

Hariharan
Hariharan
Hariharan
Walter

3 Hours
15 mins
15 mins
30 Minutes

Walter

3 Hours

Walter
Thiru/Allan
Allan

1 Hour
1 Hour
30 Minutes

Allan
Thiru

2 Hours

Allan

15 mins

Walter

2 Hours

Allan

1 Hour

Allan

1 Hour

Allan
Thiru
Siew

30 Minutes
2 Hours
15 min

Siew

5 hours

Ravi

4 Hours

Ravi

30 Minutes

Kishore/Manjit2 hours

Ravi/Siew
Ravi

3.5 hours
30 minutes

Ravi

1.5 hours

Siew

2 hours

Siew

30 minutes

Siew

1 hour

Walter
Walter

1 hour
1 hour

Walter

30 minutes

Walter
Walter
Hariharan
Hariharan
Hariharan
Hariharan
Hariharan

2.5 Hours
1 Hour
30 Mins
30 Mins
1 Hour
30 Mins
1 Hour

Allan

30 minutes

Thiru
Allan
Allan
Thiru

1.5 hours
4 hours
30 minutes
2 hours