Our client is a major worldwide company whose organisation is rapidly expanding through organic growth and acquisition. Through its IT life-cycle program, our client realised that its edge-facing security devices were coming to end of life and in need of replacement. They also realised that this was an opportunity to review their requirements and build an edge-facing security system to match current and future needs.
The client's technical architect decided the best solution was to move to Palo Alto firewalls, and Unitedgrids was engaged to test the devices against the requirements, devise a low-level design (LLD) and then implement the changes.
Requirements:
- Test and prove Palo Alto Firewalls Services
  - Rules policies
  - IPS
  - IDS
  - URL Filtering
  - Packet filtering (above layer 4)
- Replace Cisco ASA Firewalls with Palo Alto Firewalls with matching rules base
- Implement IPS, IDS and Packet Filtering on all Palo Alto Firewalls
- Implement no point of failure throughout the network infrastructure
- Zero downtime during replacements
Challenges:
- Maintaining continuity of services during FW replacements
- Establishing acceptable replacement program
- Establishing acceptable support levels for NOC team
What we did:
- Established a technical test lab/sandbox and tested against requirements.
- Established a Low Level Design that was approved by the client's Technical Architect.
- Presented LLD to CAB to establish the planned changes as standard changes for easier implementation.
- Replaced Cisco ASA 550 devices with the following Palo Alto devices at the relevant client sites:
  - PA-3200, PA-820 and PA-220.
Technology involved:
- Security
- Routing and switching
Benefits:
- Security
  - Implementing a Next Generation FW introduced far greater data filtering and examination up to layers 6 and 7.
  - Having one solution using the same policies drastically reduced the former risk of having to manage two or more security solutions running on various hardware and middleware.
- Costs
  - Reduced costs of having to support and licence other security products.
- Productivity
  - Vastly improved data throughput increased productivity in the client's operation, doing more, more quickly.
- Flexibility
  - The modular design allows for growth, providing easy deployment at new sites.
- Risk Management
  - Improved resilience has reduced the risk of any downtime and allowed the client to improve its internal SLAs within the business.
  - Improved security management and resilience has enabled the client to fully comply with compliance and governance requirements.
Engineering Level Used:
- Palo Alto Engineer
- Cisco CCIE Security
- Cisco CCIE Switch and Routing