Navigate Up
Sign In

Fortinet Migrations

Publication Date: Dec 05, 2019
 

6H6A9656 to be used article.jpg

Written by: Reuben Camilleri 


Camilleri Reuben 334279M.jpgContinuous improvement is a process that an organisation shall strive to implement within its business operations and should be an integral part of its mission statement. It becomes therefore important that an all-round acceptance of quality control mechanisms to follow high level quality standards is embarked upon by all stakeholders. The idea behind continuous improvement is to retain high levels of competitiveness and to ensure that products or services meet current business needs whilst addressing all challenges which might be present within the relevant domain.

6H6A9665to use for article.jpgMalta Information Technology Agency (MITA) endeavours to implement continuous improvement as dictated in its three fundamental components of Transformation, Innovation and Excellence in order to accomplish its mission statement.  The MITA Network Services team is responsible for providing network connectivity of different technologies, mainly fibre and broadband, to around seven hundred remote sites made up of Ministries, departments and other government entities.

With continuous improvement in mind, one of the projects recently embarked upon by MITA was that of providing better network connectivity to Government sites. This new framework, now known as MAGNET (MAlta Government NETwork) 3, was the enabler for superior network scalability with improved network speeds per site.

In addition, in order to address the ever-increasing security challenges being faced nowadays, special focus was also given to improving the robustness and network perimeter security within government sites. Thus, the MITA Network Services team embarked upon an initiative to replace all site routers with firewalls.

The routers, which resided within these sites (technically termed as Gateways), lacked the required level of security mechanisms to overcome the current cybersecurity challenges whilst also nearing their end of life and vendor support. To this end, the project activities were divided into distinct but contiguous phases, prioritized according to business delivery.

Planning for the implementation of this project started towards the end of 2015, by thoroughly testing the different firewall models in a lab environment to ensure that the specifications addressed the requirements. Several test cases were developed to mimic real-world scenarios and to ensure full compatibility with MITA’s Core network. Tests, carried out over several weeks, uncovered several issues which upon further analysis were resolved with the implementation of added functionalities.

Having achieved the expected outcomes, the first phase of firewall installations focused on sites connected to MAGNET via a fibre network link. The implementation phase started by identifying a couple of sites whereby the new firewall devices could be further tested in a live environment whilst observing their behaviour and performance. After gauging the network performance and feedback from users within these test sites, the project continued by scheduling router replacements within all remaining fibre-connected sites. This task required extensive co-ordination with clients in order to identify an appropriate maintenance window during which network downtime incurred due to router replacement could take place. This phase of the project lasted around one and a half years and was therefore completed by the end of quarter three of 2017.

6H6A9675tobe used for article.jpgWith all fibre-connected sites equipped with new equipment, the successive year started with planning the installation of new firewalls within those remaining 200 sites connected to MAGNET through a broadband network link. Given the hefty number of sites, it was decided to divide this phase into two distinct stages. Hence, a new batch of firewalls was procured for installation in around 80 sites as part of stage one. Due to the dissimilar network connection technology setup of the sites’ network, the same approach of testing the firewalls within a limited number of sites was adopted. Armed with the lessons learnt during the first phase and the positive results of these new set of live tests, an average of three sites were scheduled each day.

The installation of firewalls within the remaining broadband-connected sites was underway in quarter one of this year (2019) by planning the procurement of equipment and scheduling of the remaining 120 firewalls. As a result, after following the same testing procedure, the installation of firewalls kicked off at the beginning of July. Through effective planning, which minimized the effect of reschedules, constraints and dependencies due to other priorities, this last phase was completed in the first week of October.

This project was also complemented with the setup of capacity management tools which leveraged the management and monitoring of all firewalls. With the use of such tools, proactive measures can be taken by timely addressing abnormal network or hardware performance issues hence minimizing, or even eliminating, possible network and service downtimes. In addition, processes can also be automated to run on pre-set schedules outside office hours or when these require substantial time to complete therefore heavily reducing administration overheads.

The implementation of this project gave way to enhanced network security within all Ministries, departments and entities of the Maltese Government. The increased comfort levels introduced with this new technology means that Government departments can rely on improved network speeds in addition to augmented network security countermeasures. These are all important factors in today’s digital age when implementing or adopting new systems required to deliver services to Maltese citizens.