legacy firewall? solution · cutover the cutover phase is where the actual firewall migration takes...

DTS Solution
Network Security Firewall Vendors - Migration Services

• Juniper Networks - JUNOS / ScreenOS
• Cisco PIX / ASA
• Check Point
• Fortinet - FortiOS
• Cyberguard TSP
• Sidewinder - McAfee
• Palo Alto

Firewall Migration Services

DTS Solution Professional Services team specializes in providing advanced network firewall migration services across different firewall technology vendors.

Firewall technology spans a lifecycle of 5-7 years within the infrastructure; this duration is often dictated by growing security requirements within the organization, enhanced security feature requirements and, more importantly, firewall throughput performance.

Organizations are often faced with the challenge of upgrading legacy network firewalls that already exist within the infrastructure. Such legacy systems frequently create a bottleneck in terms of performance and the ability to provide the enhanced security services required to secure applications and domains.

Organizations also make strategic decisions to adopt new security technology vendors, resulting in optimized, enhanced and improved management and administrative capabilities with the new network security firewall vendor.

At DTS Solution our Professional Services Team can assist organizations in developing a standardized methodology to execute the firewall migration, validate and review the existing firewall deployment and setup, and perform the actual migration onto the new network security infrastructure.

Our approach to Firewall Migration Services is based on a proven migration framework and methodology that is driven by best practices. Having carried out numerous firewall migrations for organizations, we at DTS Solution can say each migration is unique and needs to be treated with equal due diligence and due care.

The proven firewall migration methodology is based on six key milestones:

• Audit
• Analyze
• Migrate Configuration
• Validate
• Cutover
• Monitor

Our Professional Services Team are experts on all leading firewall technology vendors and can support your organization in performing firewall migration services that are based on best practices, ensuring the least impact to your business.

Content
• Firewall Migration Methodology
• Migration Automation Tools

Legacy Firewall? Migrate with DTS

Upload: vunga

Post on 30-May-2018



Firewall Migration Methodology

AUDIT

The Audit process of the firewall migration ensures the existing infrastructure is reviewed and audited to identify any key prerequisites that may be required before the migration. As part of the audit process, key responsibilities are identified and ownership is assigned to either the DTS Solution Professional Services Team or the Customer. Our highly skilled team members conduct multiple workshops with the Customer to ensure all risks are factored in before any planning of the migration. Any significant business impact risks are highlighted here and are considered as part of the next phase.

ANALYZE

The Analyze process of the firewall migration ensures consistency by identifying key existing firewall functions, such as network interfaces, security firewall features, NAT, ALG, logging and failover, so that they are translated in a consistent approach to the new firewall device. Any custom configuration or method of operation that exists on the existing firewall also needs to be considered carefully before migrating the actual configuration.

MIGRATE CONFIGURATION

The Migrate Configuration process is where the existing firewall configuration file is converted and translated into the new firewall configuration. This process is 70% - 80% automated using in-house built automation tools, since it covers basic initial configuration such as network interface settings, security zones, security policies, static routing and NAT. The remaining 30% - 20% is manual advanced configuration such as dynamic routing, ALG and IPS policies. As part of this process, firewall objects and groups are optimized, unused objects are removed, and over-shadowing security policies are also removed to ensure consistency.

VALIDATE

The Validate phase of the firewall migration is where the configuration is tested, validated and sanitized so that there is no delta between the existing firewall configuration and the new firewall configuration. In this phase it is preferable that the migrated configuration is uploaded to the new firewall to confirm there are no errors. This process also involves finalizing the details of the actual cutover with the Customer's Operations Teams: success criteria, traffic benchmark and traffic services classification.

CUTOVER

The Cutover phase is where the actual firewall migration takes place and the production traffic is migrated from the old existing firewall infrastructure to the new firewall deployment. Advanced troubleshooting will quickly identify traffic that is experiencing impact. Migrated services are tested against the benchmark defined in the previous step and validated against the success criteria to ensure a successful migration has been completed. Typically the actual migration takes place outside business hours, when impact to the business is minimal, at a time agreed upon with the Customer's Operations and Change Management Teams.

Network Security Firewall Vendors

• Juniper Networks - JUNOS
• Juniper Networks - ScreenOS
• Cisco PIX / ASA
• Check Point Technologies
• Fortinet - FortiOS v3 / v4 / v5
• Sidewinder - McAfee

Contact Details

DTS Solution, Office Suite 61, Oasis Center, Sheikh Zayed Road, Dubai, UAE
PO BOX 128698
Tel: +971 433 83365
Fax: +971 433 83367
Email: [email protected]

MONITOR

The final process of the migration is to monitor the newly migrated firewall infrastructure and to ensure the behaviour of the firewall is as expected. A Professional Services Consultant will be on-site the next business day to ensure the new firewall infrastructure is integrated with the Customer's NOC and SOC monitoring and logging systems. A firewall health-check procedure is carried out to ensure CPU, Memory, Session Ramp-up Rate, Session List etc. are as expected. Once the defined success criteria have been cross-checked with the Customer, the firewall migration service is complete.

Migration Automation Tools

DTS Solution's in-house built Migration Automation Tools are used to automate the tedious process of migrating basic firewall configuration. Network interface settings, security zones, security policies, static routing and basic NAT rules can be migrated with high accuracy. The target is 70 - 80% automation of the configuration with a high accuracy rate. The existing firewall configuration is loaded into the tool, which creates an output of the new firewall configuration.

The Migration Automation Tool currently supports the following vendors:

• Check Point to Juniper Networks ScreenOS / JUNOS
• Check Point to FortiGate FortiOS
• Cisco PIX / ASA to Juniper Networks ScreenOS / JUNOS
• Cisco PIX / ASA to FortiGate FortiOS
• Juniper Networks ScreenOS / JUNOS to FortiGate FortiOS
• Sidewinder McAfee to FortiGate FortiOS
• Juniper ScreenOS to JUNOS
• Huawei Eudemon Firewalls to JUNOS SRX
