Firewall Migration Services v3.0
Professional Services
Legacy Firewall?
firewall technology vendors.
network security firewall vendor.
throughput performance.
onto the new network security infrastructure.
network firewalls that already exist within the infrastructure. Such legacy systems are frequently creating a bottleneck in terms of performance and ability to provide enhanced security services required to secure applications and domains.
in performing firewall migration services that is based on best practices ensuring least
by best practices. Having carried out numerous firewall migrations for organizations, we at DTS Solution can say each migration is unique and needs to be treated with equal due diligence and due
Content
Juniper Networks - ScreenOS
Cisco PIX / ASA
Check Point Technologies
Fortinet - FortiOS v3 / v4 / v5
Sidewinder - McAfee
Firewall Migration Methodology
AUDIT
The Audit Process of the Firewall Migration ensures the existing infrastructure is reviewed and audited to identify any key prerequisites that may be required before the migration. As part of the audit process, key responsibilities are identified and ownership is assigned to the DTS Solution Professional Services Team or the Customer. Multiple workshops are conducted by our highly skilled members with the Customer to ensure all risks are factored in before any planning of the migration. Any significant business impact risks are highlighted here and will be considered as part of the next phase.
ANALYZE
The Analyze Process of the Firewall Migration ensures consistency by identifying key existing firewall functions such as network interfaces, security firewall features, NAT, ALG, logging, failover etc., so that they are translated in a consistent approach to the new firewall device. Any custom configuration or method of operation that may exist on the existing firewall will also need to be considered carefully before migrating the actual configuration.
MIGRATE CONFIGURATION
The Migrate Configuration phase is where the existing firewall configuration file is converted and translated into the new firewall configuration. This process is 70% - 80% automated using in-house built automated tools, since it caters for basic initial configuration such as network interface settings, security zones, security policies, static routing and NAT. The remaining 30% - 20% is manual advanced configuration such as dynamic routing, ALG, IPS policies etc. As part of this process firewall objects and groups are optimized, unused objects are removed, and over-shadowing security policies are also removed to ensure consistency.
VALIDATE
The Validate Phase of the Firewall Migration ensures the configuration is tested, validated and sanitized to ensure there is no delta between the existing firewall and the new firewall configuration. In this phase it is preferable that the migrated configuration is uploaded to the new firewall to ensure there are no errors. This process also involves finalizing the details of the actual cutover with the Customer's Operations Teams: success criteria, traffic benchmark and traffic services classification.
CUTOVER
The Cutover Phase is where the actual firewall migration takes place and the production traffic is migrated from the old existing firewall infrastructure to the new firewall deployment. Advanced troubleshooting will quickly identify traffic that is experiencing impact. Services migrated are tested against the predefined benchmark in the previous step and validated against the success criteria to ensure a successful migration has been completed. Typically the actual migration takes place out of business hours where impact to the business is minimal and agreed upon with Customer Operations and Change Management Teams.
Contact Details
DTS Solution
Office Suite 61
Oasis Center
Sheikh Zayed Road
Dubai, UAE
PO BOX 128698
Tel: +971 433 83365
Fax: +971 433 83367
Email: sales@dts-solution.com
MONITOR
The final process of the migration is to Monitor the newly migrated firewall infrastructure and to ensure the behaviour of the firewall is as expected. A Professional Services Consultant will be on-site the next business day to ensure the new firewall infrastructure is integrated with the Customer's NOC and SOC monitoring and logging systems. A firewall health-check procedure is carried out to ensure CPU, Memory, Session Ramp-up Rate, Session List etc. are as expected; with the success criteria defined and cross-checked with the Customer, the firewall migration service is complete.
firewall configuration.
The Migration Automation Tool currently supports the following vendors;