We specialize in a number of services related to firewall management which include Firewall Architecture Planning, Design, Management and specialist firewall migration services across a very broad range of firewall vendors.
Firewall technology has a shelf life that is very much determined by each organization’s growth plans, and with an ever-changing security landscape firewall technology is only one element of an effective and secure network. Other factors are End-of-Life and support of the technology and, more importantly, firewall throughput performance requirements.
Organizations are faced with the challenges of upgrading legacy network firewalls that frequently create a performance bottleneck and are unable to provide the enhanced security services required to secure today's applications.
Our professional services team assists organizations by developing a standardized methodology to perform migrations. We validate and review existing firewall deployments in our comprehensive labs, where we simulate your firewalled environment pre- and post-migration before initiating the migration.
The six-phase migration plan involves:
The Audit Process of the Firewall Migration ensures the existing infrastructure is reviewed and audited to identify any key prerequisites that may be required before the migration. As part of the audit process, key responsibilities are identified and ownership is assigned to our Professional Services Team or the Customer. Multiple workshops are conducted by our highly skilled members with the Customer to ensure all risks are factored in before any planning of the migration. Any significant business impact risks are highlighted here and will be considered as part of the next phase.
The Analyze Process of the Firewall Migration ensures consistency by identifying the key existing firewall functions, such as network interfaces, security firewall features, NAT, ALG, logging, failover etc., that will be translated in a consistent approach to the new firewall device. Any custom configuration or method of operation that may exist on the existing firewall will also need to be considered carefully before migrating the actual configuration.
The Migrate Configuration phase is where the existing firewall configuration file is converted and translated into the new firewall configuration. This process is 70% - 80% automated using in-house built automated tools, since it caters for basic initial configuration such as network interface settings, security zones, security policies, static routing and NAT. The remaining 30% - 20% is manual advanced configuration such as dynamic routing, ALG, IPS policies etc. As part of this process firewall objects and groups are optimized, unused objects are removed, and over-shadowing security policies are also removed to ensure consistency.
The Validate Phase of the Firewall Migration ensures the configuration is tested, validated and sanitized to ensure there is no delta between the existing firewall and the new firewall configuration. In this phase it is preferable that the migrated configuration is uploaded to the new firewall to ensure there are no errors. This process also involves finalizing the details on the actual cutover with the Customer’s Operations Teams - success criteria, traffic benchmark and traffic services classification.
The Cutover Phase is where the actual firewall migration takes place and the production traffic is migrated from the old existing firewall infrastructure to the new firewall deployment. Advanced troubleshooting will quickly identify traffic that is experiencing impact. Services migrated are tested against the benchmark predefined in the previous step and validated against the success criteria to ensure a successful migration has been completed. Typically the actual migration takes place out of business hours, where impact to the business is minimal, and is agreed upon with Customer Operations and Change Management Teams.
The final process of the migration is to Monitor the newly migrated firewall infrastructure and to ensure the behaviour of the firewall is as expected. A Professional Services Consultant will be on-site the next business day to ensure the new firewall infrastructure is integrated with the Customer's NOC and SOC monitoring and logging systems. A firewall health-check procedure is carried out to ensure CPU, Memory, Session Ramp-up Rate, Session List etc. are as expected. With the success criteria defined and cross-checked with the Customer, the firewall migration service is complete.
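The clean-up named in the Migrate Configuration phase (removing unused objects and over-shadowed security policies) can be checked as in the following added example, which is not Warrior Networks' tool. The rule tuple layout, object names and addresses are constructed, and it assumes first-match evaluation and detects only shadowing by a single earlier rule.

```python
import ipaddress

# Constructed sample: address objects and an ordered, first-match policy.
OBJECTS = {
    "any": "0.0.0.0/0",
    "lan": "10.0.0.0/8",
    "web-srv": "10.1.2.10/32",
    "dmz": "192.168.50.0/24",
    "old-ftp": "172.16.9.9/32",  # referenced by no rule
}
# (name, src object, dst object, service, action); service "any" covers all
POLICY = [
    ("allow-lan-web", "lan", "any", "tcp/443", "permit"),
    ("deny-srv-web", "web-srv", "dmz", "tcp/443", "deny"),     # never hit
    ("allow-lan-dns", "lan", "dmz", "udp/53", "permit"),
    ("allow-all-dns", "any", "any", "udp/53", "permit"),
    ("allow-srv-dns", "web-srv", "dmz", "udp/53", "permit"),   # never hit
]

def _net(name, objects):
    return ipaddress.ip_network(objects[name])

def covers(earlier, later, objects):
    """True if every packet matching `later` also matches `earlier`."""
    _, e_src, e_dst, e_svc, _ = earlier
    _, l_src, l_dst, l_svc, _ = later
    return (_net(l_src, objects).subnet_of(_net(e_src, objects))
            and _net(l_dst, objects).subnet_of(_net(e_dst, objects))
            and e_svc in ("any", l_svc))

def find_shadowed(policy, objects):
    """Return (rule, covering rule, kind) for rules that can never match."""
    findings = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if covers(earlier, later, objects):
                # Same action: safe to drop. Different action: needs review.
                kind = "redundant" if earlier[4] == later[4] else "conflict"
                findings.append((later[0], earlier[0], kind))
                break  # the first covering rule is enough
    return findings

def find_unused(policy, objects):
    """Return objects that no rule references as source or destination."""
    used = {name for rule in policy for name in rule[1:3]}
    return sorted(set(objects) - used)
```

A "conflict" finding means the later rule's action never takes effect on the old firewall either, so it should be reviewed with the rule owner rather than deleted automatically.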
Migration Automation Tools
Warrior Networks' in-house built Migration Automation Tools will be utilized to automate the tedious process of migrating basic firewall configuration. Network interface settings, security zones, security policies, static routing and basic NAT rules can be migrated with high accuracy. Achieving 70 – 80% automation of configuration is the target, with a high accuracy rate. The existing firewall configuration is loaded into the tool, which creates an output of the new firewall configuration.
The Migration Automation Tool currently supports the following vendors:
• Check Point to Juniper Networks ScreenOS / JUNOS
• Check Point to FortiGate FortiOS
• Cisco PIX / ASA to Juniper Networks ScreenOS / JUNOS
• Cisco PIX / ASA to FortiGate FortiOS
• Juniper Networks ScreenOS / JUNOS to FortiGate FortiOS
• Sidewinder McAfee to FortiGate FortiOS
• Juniper ScreenOS to JUNOS
• Huawei Eudemon Firewalls to JUNOS SRX