1. Background
To improve security, our company decided to install a firewall in its computer network to protect it from outside hacking. The firewall should regulate outbound and inbound network traffic between the LAN and the WAN.
2. Proposal of Firewall Technical Setup
IBM was invited to perform a feasibility study and to propose a firewall solution for our company. IBM proposed a Cisco PIX 525 firewall solution with a Cisco Catalyst 2970 switch. Both the firewall and the switch would be located in the main server room for reasons of physical space, centralized control and physical security.
Two Cisco PIX 525 firewall devices are configured in Active-Passive mode. The PIX 525-UR model handles normal firewall operation, while the PIX 525-FO model is for failover use only; this approach gives the customer more cost savings. The two firewall devices are connected by a failover sync cable and provide high availability during critical times.
The Cisco Catalyst 2970 is mainly used to redirect network traffic to the other firewall when failover occurs.
3. Proposal of Firewall Setup Diagram
<< Deleted>>
4. Evaluation
4.1 Commercial Concern
The Purchasing Dept invited four vendors to provide quotations: IBM, ASL, Software Spectrum and Kenfil. Comparing the four quotations for the same devices, xxx provides the best price. Hence, we advise selecting xxx as our firewall vendor.
4.2 Technical Concern
The firewall configuration was proposed by the vendor after a site survey. The HK-IT dept team conducted the technical review and approved the configuration.
4.3 Implementation Risk
4.3.1) Network Down-time for Implementation
At the time of firewall implementation (i.e. when the firewall is put into production), the whole network is planned to be shut down for half a day. During that time the network will not be available to any user, and in particular the ERP system will not be available. This poses some risk to business operations, which has to be absorbed and planned for well ahead.
Risk Mitigation: Because the network will be down, our company has to absorb the business impact through operational planning, such as rescheduling critical work.
4.3.2) Network Performance Issue
After the firewall is implemented, network performance is expected to be affected because there is an additional device in the middle of the network. However, based on the technical evaluation and the experience from other implemented sites, this performance impact should be minimal. Nevertheless, some risk of a performance issue remains.
Risk Mitigation: The risk of a performance issue can be addressed through sophisticated testing before implementation and by monitoring the network response after implementation.
5. Project Schedule
The detailed schedule is attached. However, this schedule is subject to budget and PO approval; we target issuing the approved PO to the vendor in the week of xxx. The vendor will then deliver the firewall to us by date1, because delivery takes a 6-week lead time.
The whole firewall implementation project lasts from 21 Mar to 25 Jun, and we target completing it by the end of June.
6. Project Budget
The Purchase Dept performed the vendor selection among four vendors: IBM, ASL, Software Spectrum and Kenfil. The whole firewall project requires a budget of USD 3xxxx.