July 26, 2023

Keeping SLAC networks secure

Network firewalls are the gateway into SLAC's internal networks. SLAC's network firewalls were upgraded to improve security and prepare for future  growth.

By IT Communications

Why was the firewall upgrade necessary?

By now, you have heard and read about SLAC IT’s initiative to move toward Zero Trust Architecture (ZTA) to further protect SLAC’s data and provide a level of security now required across the DOE complex. 

“Our networks serve as the foundation for creating secure boundaries and monitoring traffic flow within SLAC's infrastructure. By establishing controlled areas and closely monitoring network activity, we enhance the protection of sensitive data and reduce the risk of unauthorized access.” - Jon Russell, Chief Information Officer 

One of the key projects under this initiative was the network Firewall Replacement project, a significant project that was completed by the SLAC IT Networking team this past spring.

Network firewalls are the gateway into SLAC’s internal networks. As such, they are designed to provide a level of security to our core network routers and internal firewalls from the ever increasing sophistication to threats to our data. For this reason it is important that our firewalls are properly maintained and are capable of protecting our networks with today’s modern, enhanced security features. - Mark Foster, Director of IT Infrastructure

What changes were implemented?

The SLAC IT Networking team of Matthew Mountz, Kent Reuber, Swetha Danala, and Mark Foster upgraded the primary SLAC network firewalls this past April. The old, end-of-life Palo Alto Network firewalls were replaced with newer, more advanced Palo Alto Networks firewalls. Due to the diligent planning by the team, the transition to the new firewalls was largely transparent to SLAC network users and applications. 

network engineering team screen shot
​IT Networking team - Swetha Danala, Mark Foster (Director, IT Infrastructure), Daniel Ruelas, Matthew Mountz, and Kent Reuber

While the new firewalls are much more powerful than the previous firewalls, the current traffic did not exceed the capabilities of the old systems. As new applications are deployed and existing ones put heavier demands on the network, the additional capacity will be necessary. With this upgrade, laptops and computers may now experience higher data rates.

In addition, the new firewalls have more advanced capabilities to better defend against increasingly sophisticated network attacks. With this upgrade, the SLAC IT Cyber and Networking teams will be able to provide protections that strive to be more proactive versus reactive. They form a key element of a SLAC initiative toward zero trust that will be used to bolster the security and protect the integrity of applications and data. 

What’s next?

In the near future, SLAC IT Networking also plans to implement Palo Alto Networks Global Protect service. This is expected to be a Virtual Private Network (VPN) alternative for the existing Cisco AnyConnect system. Global Protect should offer improved capabilities over AnyConnect, and is expected to be able to better support some of the more distant hybrid and remote employees.

For more information about SLAC’s Zero Trust Architecture initiative visit the ZTA project site.

Dig Deeper

Related Stories


If you use Stanford Google tools — like My Drive, shared drives, or Gmail  — read on to learn about some upcoming service changes.

files and folders hanging from a cloud

We’ve curated valuable insights and resources to help you stay vigilant during the winter closure and safeguard your belongings.

Wreaths and presents on car truck

Slack is tidying up its interface by adding new features and consolidating or re-arranging others — all while keeping the platform’s familiar feel.

person with digital pen in hand signing virtual documents