Firewall Implementation Non AIS Managed
Features
n/ a
Benefits
n/ a
Manufacturers
Example Project Plan
Solution Design
- Deal Registration
- Determine best fit routing protocol
- Determine best fit routing protocol
Implementation
- Firewall Implementation Web Filter Global Base Configuration (non user based)
- Work with Customer to determine what categories need to be blocked
- Apply filter settings globally
- Network Switch Configuration
- Identify IP Subnet address and VLAN ID to be used for Guest Network Devices
- Identify network switchport VLAN changes required
- Identify required routing changes
- Identify desired traffic flow Access List (ACL) restrictions
- Update network switch configuration for Guest VLAN ID’s
- Wireless Access Point Configuration
- Update wireless access point SSID’s for Guest VLAN access
- Update firewall configuration for Guests
- Configure Guest Network IP Subnet settings on firewall
- Configure Additional ISP
- Add new WAN interface
- Configure rules for access on new WAN interface
- Configure required routing for new WAN interface
- Configure all Site to Site VPN settings needed
- Active/Passive Failover Configuration
- Configure failover policy
- Physical Decommissioning
- Disconnect firewall from power, remove from rack
- Logical Decommissioning
- Remove routes and IP references to device being decommissioned
- Firewall Configuration
- Configure primary ISP
- Configure secondary ISP
- Configure LAN interface
- Configure VPN
- Configure VLAN
- Configure routing
- Firewall Cutover
- Swap to new firewall
- Confirm changes and commit
- Setup of VPN Users
- Configuration of Requested Rules/Groups for Content Filtering
Planning
- After Hours Scheduling
- After Hours Scheduling
- Guest Network Settings
- Determine which device should provide DHCP Server services to the Guest Network
- Determine if custom DNS servers are desired for Guest Network
- Develop routing traffic test plan to confirm during implementation
- Develop routing traffic test plan to confirm during implementation
- Confirm/Review ISP Information
- Confirm all network information needed for configuration is available and accurate
- Confirm if equipment to be decommissioned should be e wasted or otherwise disposed
- Confirm if equipment to be decommissioned should be e wasted or otherwise disposed
- Send Forticlient End User VPN Instructions to Users
Validation
- Perform testing to verify traffic is routing as expected
- Perform testing to verify traffic is routing as expected
Discovery
- Identify internal/external subnets requiring routes
- Identify internal/external subnets requiring routes
- Discovery of current firewall configuration
- Review existing firewall configuration and download a copy of the current configuration for backup purposes
Closing
- another design review imple task
Last modified
December 6, 2023