Penn State shield
Skip to content Skip to search

Headlines

ITS Alert - Resolved: Notice of Changes to Data Center Firewall Management (Panorama)

/alerts

ITS Alerts by Date


ITS Alerts by Service

ITS Alerts by Location

  • red boxCurrent Alert
  • green boxResolved Alert
  • orange boxFuture Alert

Resolved: Notice of Changes to Data Center Firewall Management (Panorama)

Last updated on September 13, 2017 at 5:42AM

Update on September 13, 2017 at 5:41AM

The changes to Panorama are complete, with a few exceptions. There are some clean up tasks that need to take place that should not create outages. Configuration locks are removed.

- Zone changes to are half complete. The new, correct, zones have been added, the old zones were not removed. Use Trust_vw and Untrust_vw in any new rules you make. There is an emails scheduled to come out around 7:45 with some more info. Also, recheck the quick start guide as it was updated.
- Device groups need to be renamed to something that makes a little more sense. The vsys numbers are still in the device group so you should be able to find your way around.
- The changes to permissions were not implemented. You still have the same level of access to the physical firewalls. PLEASE do not make changes on the physical firewalls. It won\'t break anything, but makes for more cleanup.

If you have any questions please reach out to DCS for more assistance. Service now tickets against service Data Center Services are your best bet.

Thanks everyone for bearing with us as we make this substantial change.

Update on September 12, 2017 at 7:01AM

Configuration locks have been applied on Panorama and the University Park firewalls. Since configuration changes for the Hershey firewalls are performed in Panorama, no Data Center Firewall changes can be made. You can log in to view logs, if needed.

If you are in need of an emergency firewall change please open an incident against Data Center Services or contact the operations center at 814-865-4662.

Original Alert

Please see http://alerts.its.psu.edu/alert-4725 for original alert.

CAB approved CHG0043372.

On Tuesday 9/12 , starting at 7 am until Wednesday 9/13 ending at 7 am, a configuration lock must be put on Panorama and the University Park firewalls. If changes within Panorama, the Hershey firewalls or the University Park firewalls are needed, please open an incident against service “Data Center Services” or contact the Operations Center at 865-4662. The operations center will open a ticket on your behalf.

On Tuesday 9/12, starting at 8 pm until Wednesday 9/13 ending at 7 am, the Hershey firewalls will be moved from local management to Panorama management. The remediation process dictates that we must remove a firewall from the HA pair, proceed with the reconfiguration to Panorama management, then bring the firewall back in to service. The process then repeats on the the other firewall. While a firewall is being taken out of and back in to service, a momentary traffic disruption will occur. An outage of up to 5 minutes is possible for some applications depending on their behavior and tolerance for a lost packet in a session. Although the testing process has shown there does not need to be an extended outage, if there is an emergency an outage of up to 60 minutes may be experienced to rebuild the firewalls.

Starting Wednesday 9/13, all Data Center Firewall Management will be done through Panorama. Further information and documentation is still forthcoming. Please see the original post with a summary of the impact to firewall management.

For more information, please contact Data Center Services (ITServiceDesk@psu.edu).


Back to ITS Alerts

Impact Information

  • Incident Type:
    Scheduled Maintenance or Upgrade
  • Locations affected:
    All locations
  • Began on:
    September 12, 2017 at 8:00PM
  • Issue Resolved:
    September 13, 2017 at 5:42AM