Upload
jgeneie
View
168
Download
2
Embed Size (px)
Citation preview
1
Upgrade of Semi-Trusted Firewall
Eugene Go
April 2010
2
Nature of Incident
Firewall GUI hang when newly implemented rules are saved
Impact
No disruption of services but no new rules can be implemented.
Cause of Incident
Software bug in current v6.1.2.04 caused the firewall GUI to hang when newly
implemented rules are saved.
Next course of action
Upgrade the software to v7.0.0.07
3
Start-End Duration
1) Setup the Spare Box (Pre-activity)
2) Upgrade the PASSIVE firewall TBA 4hrs
3) Application Testing before the start of TBA 30mins
promoting the PASSIVE to ACTIVE
4) Promote the PASSIVE to ACTIVE TBA 40mins
+ Application testing
5) HA the Spare box TBA 10mins
6) Promote the Spare box to ACTIVE
+ Application testing TBA 40mins
Upgrade Activity List
4
Fallback and Mitigation Plan
Fallback Activity if upgrade fails on PASSIVE Firewall
Checkpoint Duration
1) Revert back to original active firewall TBA 10mins
2) Application test needed after fallback TBA 30Mins
Mitigation
1) Setup a spare onsite
2) Vendor will also be onsite standby the following day
5
List of Application Impacted
Application Affected OCBC Support Contact No. Pre-Act Test (Y/N) Post- Act Test (Y/N) Fall-Back Test (Y/N)
Reuters Roger Ang
Cyborg/Hewitt (CB)
Great Easten Life(GE)
GE MQ Series
ATM online
MAS SMTP
NETS Connect Direct
Credit Card embossing
Connect Direct
NTUC Link CardsMasterCard
VISA
IKEA Connect Direct
eNETS
EDC
Stratech OCOE
SG Pools
Orange Gum
Credit Bureau
FairEx - OSPL
SGX OSPL
Deutsche Bank - OSPL Abdul 9668-9534
Telekurs - OSPL (TK) Abdul 9668-9534
XOL - OSPL Janet Foo 9677-9887
Star - OSPL Janet Foo 9677-9887
SNP - OSPL Janet Foo 9677-9887
Currenex - OSPL Janet Foo 9677-9887
PATs - OSPL Janet Foo 9677-9887
Bloomberg (BG) Roger Ang
Mobil FTP
Cheque Transaction
System(CTS)
CTS Toa payoh Jon 82885064
CAPS Reyes Don 97384669
DP Finance
SwiftNet Zhang Jinjin
Data Post
Fax and telex Zhang Jinjin
6
Thank You!