DTS Solution
Professional Services
Firewall Migration Services
DTS Solution Professional Services team
specializes in providing advanced network
firewall migration services across different
!
firewall technology vendors.
Firewall technology longevity spans
across a lifecycle of 5-7 years within the
infrastructure; this duration is often dictated
by growing security requirements within the
organization, enhanced security feature
requirements and more importantly firewall
!
throughput performance.
Organizations are often faced with
challenges of upgrading legacy based
network firewalls that already exist within
the infrastructure. Such legacy systems
frequently creating a bottleneck in terms of
per f or mance and ability to provide
enhanced security services required to
!
secure applications and domains.
Strategic decisions are also made by
organizations to adopt new security
technology vendors; resulting in optimized,
Network Security Firewall Vendors - Migration Services
DTS Solution
Legacy Firewall?
Migrate with DTS
enhanced and improved management and • Audit
administrative capabilities of the new •Analyze
!
network security firewall vendor.
At DTS Solution our Professional
•Migrate Configuration
•Validate
•Cutover
Services Team can assist organizations
develop a standardized methodology to
execute the firewall migration; validate and
!
•Monitor
Our Professional Services Team are
review existing firewall deployment and experts on all leading firewall technology
setup and perform actual migration services vendors and can support your organization
!
onto the new network security infrastructure. in performing firewall migration services that
is based on best practices ensuring least
Our approach to Firewall Migration
Services is based on a proven migration
framework and methodology that is driven
!!
impact to your business.
by best practices. Having carried out
numerous firewall migrations for
organizations, we at DTS Solution can say
each migration is unique and needs to be
treated with equal due diligence and due
Content
!
care.
The proven f irewall migration Firewall Migration Methodology 2
!
methodology is based on six key milestones;
Migration Automation Tools 3
Juniper Networks - JUNOS / ScreenOS
Cisco PIX / ASA
Checkpoint
Fortinet - FortiOS
Cyberguard TSP
Sidewinder - McAfee
Palo Alto
 Network Security
Firewall Vendors

!! Juniper Networks - JUNOS

!!
Juniper Networks - ScreenOS
!

!!!
Cisco PIX / ASA

!! !
!! Firewall Migration Methodology
!! AUDIT
Check Point Technologies The Audit Process of the Firewall Migration ensures the existing infrastructure is reviewed
and audited to identify any key prerequisites that may be required before the migration. As part
of the audit process key responsibilities are identified and given ownership to DTS Solution
Professional Services Team or the Customer. Multiple workshops are conducted by our highly
skilled members with the Customer to ensure all risks are factored before any planning of the
migration. Any significant business impact risks are highlighted here and will be considered as

Fortinet - FortiOS v3 / v4 / v5 !
part of the next phase.

ANALYZE
The Analyze Process of the Firewall Migration ensures consistency; by identifying key
existing firewall functions such as network interfaces, security firewall features, NAT, ALG,
logging, failover etc will be translated in a consistent approach to the new firewall device. Any
custom configuration or method of operation that may exist on the existing firewall will also need
!! Sidewinder - McAfee

!
to be considered carefully before migrating the actual configuration.

! MIGRATE CONFIGURATION
The Migrate Configuration is where the existing firewall configuration file is converted and
translated into the new firewall configuration. This process is 70% - 80% automated using in-
house built automated tools since it caters for basic initial configuration such as network interface
settings, security zones, security policies, static routing and NAT. The remaining 30% - 20% is
manual advanced configuration such as dynamic routing, ALG, IPS policies etc. As part of this
process firewall objects and groups are optimized, unused objects are removed, over-shadowing

!
security policies are also removed to ensure consistency.

VALIDATE
Contact Details The Validate Phase of the Firewall Migration ensures the configuration is tested, validated
and sanitized to ensure there is no delta between the existing firewall and the new firewall
!! configuration. In this phase it is preferable that the migrated configuration is uploaded to the
new firewall to ensure there are no errors. This process also involves finalizing the details on the
!! actual cutover with the Customer’s Operations Teams - success criteria, traffic benchmark and

DTS Solution
!
traffic services classification.

CUTOVER
Office Suite 61
The Cutover Phase is where the actual firewall migration takes places and the production
Oasis Center
traffic is migrated from the old existing firewall infrastructure to the new firewall deployment.
Sheikh Zayed Road Advanced troubleshooting will quickly identify traffic that is experiencing impact. Services
Dubai, UAE migrated are tested against the predefined benchmark in the previous step and validated against
PO BOX 128698 the success criteria to ensure a successful migration has been completed. Typically the actual
Tel: +971 433 83365 migration takes place out of business hours where impact to the business is minimal and agreed
Fax: +971 433 83367 Email: upon with Customer Operations and Change Management Teams.
sales@dts-solution.com
 Firewall Migration Methodology

DTS Solution
Professional Services
MONITOR
The final process of the migration is to Monitor the newly migrated firewall infrastructure
and to ensure the behaviour of the firewall is as expected. Professional Services Consultant
will be on-site the next business day to ensure the new firewall infrastructure is integrated with
Customers NOC and SOC monitoring and logging systems. Firewall health-check procedure is
carried out to ensure CPU, Memory, Session Ramp-up Rate, Session List etc is as expected;
with the success criteria defined and cross-checked with the Customer the firewall migration

!
service is complete.

Migration Automation Tools

DTS Solution in-house built Migration Automation Tools will be utilized to automate the
tedious process of migrating basic firewall configuration. Network interfaces settings, security
zones, security policies, static routing and basic NAT rules can be migrated with high
accuracy. Achieving 70 - 80% automation of configuration is the target with a high accuracy
rate. Existing firewall configuration is loaded on to the tool which creates an output of the new

!
firewall configuration.

!
The Migration Automation Tool current supports the following vendors;

• Check Point to Juniper Networks ScreenOS / JUNOS

• Check Point to FortiGate FortiOS
• Cisco PIX / ASA to Juniper Networks Screen OS / JUNOS
• Cisco PIX / ASA to FortiGate FortiOS
• Juniper Networks ScreenOS / JUNOS to FortiGate FortiOS
• Sidewinder McAfee to FortiGate FortiOS
• Juniper ScreenOS to JUNOS

!! • Huawei Eudemon Firewalls to JUNOS SRX

!!
!!
!!
!!
!!
!!
!!
!!
!!
!!
!!
Contact Details !!
!! !!
!! !!
DTS Solution
!!
Office Suite 61
Oasis Center
!!
Sheikh Zayed Road !!
Dubai, UAE
PO BOX 128698 !!
Tel: +971 433 83365
Fax: +971 433 83367 !!
Email: sales@dts-solution.com
!