CLH Ltd. – Integration of firewall devices
Our client uses Juniper firewall devices to secure communication over the Internet and between their premises. They contacted us before a planned expansion of their services. Besides rationalizing the complicated configurations, the client wanted to make better use of their redundant Internet connections, together with the following integration tasks:
- integration of a new Juniper SSG firewall device
- migration of the existing Juniper Netscreen firewall device
- building redundant site-to-site (S2S) VPN channels
- building an Active Directory integrated client VPN
- making the configuration transparent and effective
- changing the internal IP range
- producing complete documentation
Problems encountered and their solutions
Problem: The firewall rule sets had become opaque and confusing.
Solution: We agreed the achievable goals with the client in several rounds of discussion and audited which of the existing rules were actually in use. As a result, the access-control rule set was completely redesigned and IP addresses were reassigned to match the new organization. The configuration was built while the system stayed in service and was rolled out after testing.
Problem: Configuring client-based remote VPN access
Solution: Using the authentication service of the Microsoft Active Directory directory already used by our customer, we built a secure remote access that is easy to administer. We also made it possible to use client profiles authenticated against the firewall devices' local user database, as well as third-party VPN client profiles (Shrew Soft).
Problem: Making more effective use of the redundant Internet connections and building redundant site-to-site VPN channels.
Solution: During the survey and discussions we realized that the most important considerations were simplicity and transparency of the settings. Instead of policy-based routing, which is hard to configure and does not appear in the routing tables, we therefore built conventional destination-based routing that takes the bandwidth and the availability of each Internet connection into account. The VPN channels connecting the premises were built on the same principles.
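As an added illustration of the routing approach described above (not the client's configuration), the following ScreenOS-style commands, which is the operating system of the SSG and NetScreen devices mentioned, define two ordinary default routes with different metrics and use interface monitoring so that the route of a failed uplink is withdrawn from the routing table. Interface names, addresses and tracked gateways are constructed placeholders from documentation ranges, and the lines starting with "#" are explanatory notes rather than CLI input.

```text
# Two Internet uplinks in the untrust zone (constructed example addresses)
set interface ethernet0/0 zone untrust
set interface ethernet0/0 ip 203.0.113.2/24
set interface ethernet0/1 zone untrust
set interface ethernet0/1 ip 198.51.100.2/24

# Primary default route (lower metric) via the faster uplink,
# backup default route (higher metric) via the second uplink.
# Both are plain static routes, so "get route" shows exactly what is in use,
# which is the transparency policy-based routing does not offer.
set route 0.0.0.0/0 interface ethernet0/0 gateway 203.0.113.1 preference 20 metric 1
set route 0.0.0.0/0 interface ethernet0/1 gateway 198.51.100.1 preference 20 metric 10

# Track the next hop on each uplink. If the tracked address stops answering,
# the failure weight reaches the interface threshold, the interface is marked
# down and its route leaves the routing table, so traffic fails over to the
# backup route and returns automatically when the link recovers.
set interface ethernet0/0 monitor track-ip ip
set interface ethernet0/0 monitor track-ip ip 203.0.113.1 weight 255
set interface ethernet0/0 monitor track-ip threshold 255
set interface ethernet0/0 monitor threshold 255
set interface ethernet0/1 monitor track-ip ip
set interface ethernet0/1 monitor track-ip ip 198.51.100.1 weight 255
set interface ethernet0/1 monitor track-ip threshold 255
set interface ethernet0/1 monitor threshold 255

# Check which default route is currently active
get route
```

Route-based VPN tunnels to the other premises can be added to the same table as static routes over tunnel interfaces, each with its own metric, so the same failover logic and the same single routing table cover both Internet and site-to-site traffic.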