Why was the firewall upgrade necessary?
By now, you have heard and read about SLAC IT’s initiative to move toward Zero Trust Architecture (ZTA) to further protect SLAC’s data and provide a level of security now required across the DOE complex.
“Our networks serve as the foundation for creating secure boundaries and monitoring traffic flow within SLAC's infrastructure. By establishing controlled areas and closely monitoring network activity, we enhance the protection of sensitive data and reduce the risk of unauthorized access.” - Jon Russell, Chief Information Officer
One of the key projects under this initiative was the network Firewall Replacement project, a significant project that was completed by the SLAC IT Networking team this past spring.
“Network firewalls are the gateway into SLAC’s internal networks. As such, they are designed to provide a level of security to our core network routers and internal firewalls from the ever increasing sophistication to threats to our data. For this reason it is important that our firewalls are properly maintained and are capable of protecting our networks with today’s modern, enhanced security features.” - Mark Foster, Director of IT Infrastructure
What changes were implemented?
The SLAC IT Networking team of Matthew Mountz, Kent Reuber, Swetha Danala, and Mark Foster upgraded the primary SLAC network firewalls this past April. The old, end-of-life Palo Alto Network firewalls were replaced with newer, more advanced Palo Alto Networks firewalls. Due to the diligent planning by the team, the transition to the new firewalls was largely transparent to SLAC network users and applications.
While the new firewalls are much more powerful than the previous firewalls, the current traffic did not exceed the capabilities of the old systems. As new applications are deployed and existing ones put heavier demands on the network, the additional capacity will be necessary. With this upgrade, laptops and computers may now experience higher data rates.
In addition, the new firewalls have more advanced capabilities to better defend against increasingly sophisticated network attacks. With this upgrade, the SLAC IT Cyber and Networking teams will be able to provide protections that strive to be more proactive versus reactive. They form a key element of a SLAC initiative toward zero trust that will be used to bolster the security and protect the integrity of applications and data.
In the near future, SLAC IT Networking also plans to implement Palo Alto Networks Global Protect service. This is expected to be a Virtual Private Network (VPN) alternative for the existing Cisco AnyConnect system. Global Protect should offer improved capabilities over AnyConnect, and is expected to be able to better support some of the more distant hybrid and remote employees.
For more information about SLAC’s Zero Trust Architecture initiative visit the ZTA project site.