1

Upgrade of Semi-Trusted Firewall

Eugene Go

April 2010

2

Nature of Incident

Firewall GUI hang when newly implemented rules are saved

Impact

No disruption of services but no new rules can be implemented.

Cause of Incident

Software bug in current v6.1.2.04 caused the firewall GUI to hang when newly

implemented rules are saved.

Next course of action

Upgrade the software to v7.0.0.07

3

Start-End Duration

1) Setup the Spare Box (Pre-activity)

2) Upgrade the PASSIVE firewall TBA 4hrs

3) Application Testing before the start of TBA 30mins

promoting the PASSIVE to ACTIVE

4) Promote the PASSIVE to ACTIVE TBA 40mins

+ Application testing

5) HA the Spare box TBA 10mins

6) Promote the Spare box to ACTIVE

+ Application testing TBA 40mins

Upgrade Activity List

4

Fallback and Mitigation Plan

Fallback Activity if upgrade fails on PASSIVE Firewall

Checkpoint Duration

1) Revert back to original active firewall TBA 10mins

2) Application test needed after fallback TBA 30Mins

Mitigation

1) Setup a spare onsite

2) Vendor will also be onsite standby the following day

5

List of Application Impacted

Application Affected OCBC Support Contact No. Pre-Act Test (Y/N) Post- Act Test (Y/N) Fall-Back Test (Y/N)

Reuters Roger Ang

Cyborg/Hewitt (CB)

Great Easten Life(GE)

GE MQ Series

ATM online

MAS SMTP

NETS Connect Direct

Credit Card embossing

Connect Direct

NTUC Link CardsMasterCard

VISA

IKEA Connect Direct

eNETS

EDC

Stratech OCOE

SG Pools

Orange Gum

Credit Bureau

FairEx - OSPL

SGX OSPL

Deutsche Bank - OSPL  Abdul  9668-9534

Telekurs - OSPL (TK)  Abdul  9668-9534

XOL - OSPL Janet Foo  9677-9887

Star - OSPL Janet Foo  9677-9887

SNP - OSPL Janet Foo  9677-9887

Currenex - OSPL Janet Foo  9677-9887

PATs - OSPL Janet Foo  9677-9887

Bloomberg (BG) Roger Ang

Mobil FTP

Cheque Transaction

System(CTS)

CTS Toa payoh Jon 82885064

CAPS Reyes Don 97384669

DP Finance

SwiftNet  Zhang Jinjin

Data Post

Fax and telex  Zhang Jinjin

6

Thank You!