Firewall Implementation Non AIS Managed

Features

n/ a

Benefits

n/ a


Manufacturers

Example Project Plan

Solution Design
  • Deal Registration
  • Determine best fit routing protocol
    • Determine best fit routing protocol
Implementation
  • Firewall Implementation Web Filter Global Base Configuration (non user based)
    • Work with Customer to determine what categories need to be blocked
    • Apply filter settings globally
  • Network Switch Configuration
    • Identify IP Subnet address and VLAN ID to be used for Guest Network Devices
    • Identify network switchport VLAN changes required
    • Identify required routing changes
    • Identify desired traffic flow Access List (ACL) restrictions
    • Update network switch configuration for Guest VLAN ID’s
  • Wireless Access Point Configuration
    • Update wireless access point SSID’s for Guest VLAN access
  • Update firewall configuration for Guests
    • Configure Guest Network IP Subnet settings on firewall
  • Configure Additional ISP
    • Add new WAN interface
    • Configure rules for access on new WAN interface
    • Configure required routing for new WAN interface
    • Configure all Site to Site VPN settings needed
  • Active/Passive Failover Configuration
    • Configure failover policy
  • Physical Decommissioning
    • Disconnect firewall from power, remove from rack
  • Logical Decommissioning
    • Remove routes and IP references to device being decommissioned
  • Firewall Configuration
    • Configure primary ISP
    • Configure secondary ISP
    • Configure LAN interface
    • Configure VPN
    • Configure VLAN
    • Configure routing
  • Firewall Cutover
    • Swap to new firewall
    • Confirm changes and commit
  • Setup of VPN Users
  • Configuration of Requested Rules/Groups for Content Filtering
Planning
  • After Hours Scheduling
    • After Hours Scheduling
  • Guest Network Settings
    • Determine which device should provide DHCP Server services to the Guest Network
    • Determine if custom DNS servers are desired for Guest Network
  • Develop routing traffic test plan to confirm during implementation
    • Develop routing traffic test plan to confirm during implementation
  • Confirm/Review ISP Information
    • Confirm all network information needed for configuration is available and accurate
  • Confirm if equipment to be decommissioned should be e wasted or otherwise disposed
    • Confirm if equipment to be decommissioned should be e wasted or otherwise disposed
  • Send Forticlient End User VPN Instructions to Users
Validation
  • Perform testing to verify traffic is routing as expected
    • Perform testing to verify traffic is routing as expected
Discovery
  • Identify internal/external subnets requiring routes
    • Identify internal/external subnets requiring routes
  • Discovery of current firewall configuration
    • Review existing firewall configuration and download a copy of the current configuration for backup purposes
Closing
  • another design review imple task
Last modified December 6, 2023