Firewall Implementation Non AIS Managed

Qualification Questions

Is Firewall Site-To-Site VPN Required? If So, How Many Tunnels?
Is Firewall Web Filter Configuration Required? If So, How Many Rulesets?
Is Firewall Night-and-Weekend Cutover Required? If So, How Many Locations?
Is Firewall RADIUS-and-LDAP Authentication Integration Required? If So, How Many Integrations?
Is Firewall Guest Network Configuration Required? If So, How Many Locations?
Is Firewall Dynamic Routing Required? If So, How Many Subnets?
Is Firewall Failover ISP Configuration Required? If So, How Many Gateways?
Is Firewall Consolidation Required? If So, How Many Firewalls?
Is Firewall High Availability-and-Failover Required? If So, How Many Firewall Pairs?
Is Firewall IDS-and-IPS Required?
Is Firewall FortiAnalyzer Configuration Required? If So, How Many FortiAnalyzer Devices?
Is Juniper SRX Migration Required? If So, How Many Hours?
Is Firewall Fortinet End User VPN Required? If So, How Many Units?
Is Firewall Migration From A Different Brand Required? If So, How Many Units?
Is Firewall Additional Firewall Required? If So, How Many Units?
Does The Firewall Need To Act As A VPN Server? If So, For How Many Users?
Is Firewall 5 Inbound NAT-and-Internal Server Configurations Required? If So, How Many 5 Rules?
Is Firewall Up To 10 Rules-and-Groups For Content Filtering Required? If So, How Many Units?
Is Firewall Multi-Factor Authentication (Same Brand-and-Internal) Required? If So, How Many Units?

Scope Of Work

Solution Design
  • Confirm Bill Of Materials Accuracy
  • Determine Best Fit Routing Protocol
Implementation
  • Firewall Implementation Web Filter Global Base Configuration (non User Based)
    • Work With Customer To Determine What Categories Need To Be Blocked
    • Apply Filter Settings Globally
  • Network Switch Configuration
    • Identify IP Subnet Address And VLAN ID To Be Used For Guest Network Devices
    • Identify Network Switchport VLAN Changes Required
    • Identify Required Routing Changes
    • Identify Desired Traffic Flow Access List (ACL) Restrictions
    • Update Network Switch Configuration For Guest VLAN IDs
  • Wireless Access Point Configuration
    • Update Wireless Access Point SSIDs For Guest VLAN Access
  • Update Firewall Configuration For Guests
    • Configure Guest Network IP Subnet Settings On Firewall
  • Configure Additional ISP
    • Add New WAN Interface
    • Configure Rules For Access On New WAN Interface
    • Configure Required Routing For New WAN Interface
    • Configure All Site To Site VPN Settings Needed
  • Active-and-Passive Failover Configuration
    • Configure Failover Policy
  • Physical Decommissioning
    • Disconnect Firewall From Power, Remove From Rack
  • Logical Decommissioning
    • Remove Routes And IP References To Device Being Decommissioned
  • Firewall Configuration
    • Configure Primary ISP
    • Configure Secondary ISP
    • Configure LAN Interface
    • Configure VPN
    • Configure VLAN
    • Configure Routing
  • Cutover
    • Swap To New Firewall
    • Confirm Changes And Commit
  • Testing
    • Acceptance Test Plan (a Guide For What Determines If Something Is A Success)
  • Migration
    • Multiple Migration Sessions
  • Setup Of VPN Users
  • Configuration Of Requested Rules-and-Groups For Content Filtering
Planning
  • After Hours Scheduling
  • Guest Network Settings
    • Determine Which Device Should Provide DHCP Server Services To The Guest Network
    • Determine If Custom DNS Servers Are Desired For Guest Network
  • Develop Routing Traffic Test Plan To Confirm During Implementation
  • Confirm-and-Review ISP Information
    • Confirm All Network Information Needed For Configuration Is Available And Accurate
  • Confirm If Equipment To Be Decommissioned Should Be E-Wasted Or Otherwise Disposed Of
  • Freeze
    • Start Using Revision Control Or Whatever Is Being Used By Customer
  • Send FortiClient End User VPN Instructions To Users
Discovery
  • Identify Internal-and-external Subnets Requiring Routes
  • Project Kickoff
    • Project Manager Will Be Assigned And Lead As Primary Contact. Project Manager Will Meet With Customer To Review The Project Scope And Assumptions And Finalize Any Details Such As Maintenance Windows For Approved Downtime
  • Discovery Of Current Firewall Configuration
    • Review Existing Firewall Configuration And Download A Copy Of The Current Configuration For Backup Purposes
  • Review
    • Go Over Existing Configurations To Discuss Anomalies And Things That Are Not Best Practice
    • What Physical Will End Up Looking Like
    • Discuss Outage Window(s)
  • Configuration Update
    • Discovery Of Upgraded Or Enhanced Commands
    • Current Code Is A 10-Year-Old Feature Set; Need To Look For Anything Deprecated
Validation
  • Perform Testing To Verify Traffic Is Routing As Expected
  • Monitoring
    • Health Check On A Predetermined List Of Devices
  • Analyze
    • Compare Old Performance To New Performance And Schedule Maintenance To Improve

Last modified January 11, 2021