Planning for migrating a firewall
While coordinating downtime and planning a migration to a new firewall, it helps to have the following information:
- From when to when is the downtime?
- Who is the contact person available during downtime to help with:
  - Cable identification (ISP1 cable, LAN cable, etc.) locally on site
  - Coordinating with local users on the site if and when services are disrupted during downtime.
  - Testing after migration whether all critical services are up.
    - The point of contact must know what is critical to the site and how to check it, or should know whom to reach *during* downtime for the validation. Examples to check (*not exhaustive*):
      - VPN and appropriate VPN policies
      - Incoming NAT to servers. Also combine this with the ISP failover test mentioned later, if applicable.
      - Outgoing Internet access for users and servers with appropriate site blocking
      - IPSec connectivity to the various subnets of other units, and connectivity from other units to the various subnets of the unit being migrated.
      - Local logins or AD integration
      - Captive portal (if implemented)
      - Active/Passive failover if deployed in HA
      - ISP failover tests, if applicable
    - For every critical test, ensure that the same test is also done on the existing firewall and the details are captured (e.g. screenshot, URL, whether the test was done over public Internet / VPN, etc.)
- Is this migration necessary before a specific date, e.g. before an important event or before the current license expires? If yes, please share the date.
- What other downtime windows are possible before the migration end-date, if migration fails in the current downtime window?
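One way to capture the "same test on the existing firewall" baseline and repeat it after cutover, as an added example that is not part of the original page. The `Check` names, hosts and ports are constructed placeholders, and a TCP connect only covers port-reachability items (NAT, IPSec reachability, login backends); site blocking, VPN policies, captive portal and HA failover still need the manual checks above.

```python
import json
import socket
import sys
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Check:
    name: str         # what the site considers critical
    host: str
    port: int
    tested_from: str  # "public Internet", "VPN" or "LAN", recorded with the result

# Constructed sample checks; the addresses are documentation ranges, not real hosts.
CHECKS = [
    Check("Incoming NAT to web server", "203.0.113.10", 443, "public Internet"),
    Check("File server in other unit over IPSec", "192.0.2.20", 445, "LAN"),
    Check("AD / LDAP login backend", "192.0.2.5", 389, "LAN"),
]

def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def run_checks(checks, probe=tcp_reachable):
    """Run each check; return {name: record} ready to be saved as JSON."""
    return {c.name: {**asdict(c), "ok": bool(probe(c.host, c.port))} for c in checks}

def regressions(baseline, after):
    """Names of checks that passed on the old firewall but fail or are missing now."""
    return sorted(name for name, rec in baseline.items()
                  if rec["ok"] and not after.get(name, {}).get("ok", False))

if __name__ == "__main__":
    # Usage: script.py before baseline.json   (run against the existing firewall)
    #        script.py after  baseline.json   (run against the new one, during downtime)
    mode, path = sys.argv[1], sys.argv[2]
    results = run_checks(CHECKS)
    if mode == "before":
        with open(path, "w") as fh:
            json.dump(results, fh, indent=2)
    else:
        with open(path) as fh:
            failed = regressions(json.load(fh), results)
        print("\n".join(failed) or "no regressions against baseline")
        sys.exit(1 if failed else 0)
```

Run it from the same vantage point (public Internet, VPN or LAN) before and after, since a check that passes from the LAN says nothing about incoming NAT.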