Press "Enter" to skip to content

Palo Alto Firewall Migration Plan Tasks List

0

It is simple breakdown for a complicate firewall migration plan. It can be used to plan migration from existing firewalls to new Palo Alto Firewall. The tasks should be modified based on the real production situation in your environment.

This is for on prem case. For cloud situation, the tasks will be slightly different. But most will be same.

No Task Order % Due date
1 Prestage
firewalls (FW mgmt settings, mgmt tunnel, software updates)
10 100% 19/11/2019
2 Racking/mounting 15 75%
3 Network
connectivity (switch ports assignment)
20 50%
4 Network
connectivity (switch ports configuration/Etherchannel, etc.)
25 0%
5 Generate
firewall self-signed certificate
30 0%
6 Distribution
of firewall certificate to endpoints
32 0%
7 Define
URL Filtering policies (Internal users, guests, servers)
34 0%
8 Configure
URL Filtering profiles
36 0%
9 Identify
external host for URL blocking page hosting
37 0%
10 Configure
URL Filtering blocking page (requires hosting on public website)
38 0%
11 Define
VPN gateway FQDN
40 100%
12 Generate
SSL certificate for VPN gateway
42 100%
13 Create
AD Palo Alto VPN prerequisites
43 0%
14 Configure
Palo Alto VPN gateway
45 0%
15 Configure
GlobalProtect VPN client
47 0%
16 Test
GlobalProtect VPN connectivity
49 0%
17 Identify
VPN tunnels and 3rd party admins
50 30%
18 Identify
DMZ hosts
51 50%
19 Identify
OSC resources accessed via site-to-site VPN
52 0%
20 Identify
3rd party resources accessed via site-to-site VPN
54 0%
21 Identify
routing for VPN tunnels/DMZ hosts
55 50%
22 Identify
routing changes for Phase 1 (Cisco ASA firewalls in parallel with Palo Alto)
56 20%
23 Configure
routing for VPN tunnels/DMZ hosts (if applicable)
57 0%
24 Create
timelines for VPN migration
58 0%
25 Define
SSL Decryption Firewall Policies (outbound only)
60 0%
26 Configuration
of SSL decryption domain -> 1 firewall interface
63 0%
27 Switch
SPAN ports configured for SSL decryption domain
65 0%
28 Firewall
rules migrated/configured
70 15%
29 Deployment
of Palo Alto UserID Agent
71 30%
30 Palo
Alto UserId Integration
72 0%
31 Define
firewall IPS/Antimalware inspection policies
74 0%
32 Implement
firewall IPS/Antimalware inspection policies
75 0%
33 Define
logging policies
76 75%
34 Implement
logging policies
77 50%
35 Testing
(users, scope, applications, websites, etc.). Identify remote sites for
testing (to add static routes).
80 0%
36 Transition
to Day 2 – Next Phase
100 0%

Leave a Reply

%d bloggers like this: