Shared Firewall FAQ
Shared Firewall FAQ
How do I update my windows firewall?
- Create an Inbound Port Rule
- Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior
How do I update my IPtables?
Learn how here
How can I reach out to my Account Manager to purchase a new firewall (a direct email account/phone number on how to reach out (without having to go through support)?
You can respond to the email that you received. If you do not have an email or can’t find it, reach out to the CSG Team at firstname.lastname@example.org.
How do I reach out to learn more about AWS/Azure to move my environment to 3rd party cloud?
You can reach out to your Account Manager (see above). They will be more than happy to discuss the options with you.
Are our old rules being copied over to the server(windows/IPtables)?
Yes, your existing rules will be copied along with modifications to adjust for the changes in the IP addresses that are going to be used for the migration. The intent is to implement exactly the same functionality on the new platform.
When do I have to get off the shared firewall?
Our plan is to shut down the shared firewall by the end of 2020. Most migrations will need to be completed by mid-November 2020 to avoid the holiday change moratorium.
Why do I have to do this?
The reason that we are undertaking this change is that the current Shared Firewall has been determined to be a weak link in our security program and we are concerned that this system could put all of the servers that are behind the firewall in jeopardy. In addition to the security issues, the system is becoming unstable and is placing all of the Customer’s systems at risk due to the potential of a catastrophic failure. Finally, the architecture that is implemented on the Shared Firewall is not one that we can support for the long term.
What happens if I do not do anything?
At the time that all other Customers have been migrated off the Shared Firewall, the system may be shutdown. If that happens, your servers will be unreachable. There may be a decision made to leave the Shared Firewall running but we will remove support for it which will put you at risk if the system fails and you will not be able to make changes to your firewall rules.
Does my bill change?
If you move to the IPTables / Windows Firewall options, there is no change in your bill. Our support for this migration is at no cost. If you choose to move to a hardware dedicated firewall, there may be an increase in your bill but that can be explored with your Sales Manager.
What are the benefits of hardware firewall over windows/IPtables?
Hardware firewalls have significant advantages over software firewalls including speed (along with off-loading that load from your server) and providing deeper management logic.
Will my IP change?
YES. Unfortunately, we don’t have a means to maintain your existing IP addresses while migrating your firewall functionality from the Shared Firewall to your new software or hardware firewall.
What does the process for the re-IP look like?
The support team will provide you with the new IP, work with you to design the new configuration, schedule the cutover for your environment, and support the testing of your systems and applications.
What else can be impacted during an IP change?
Everything that uses specific IP addresses will be impacted by the change. This can include DNS records, application-specific connections (VPNs, database connections, and program-to-program connections for example) as well as other configuration parameters. You should have a full understanding of your test plan to ensure all the needed applications do not lose functionality during this cutover.
Is it possible to keep my existing IP addresses active while I “transition” to the new IP addresses?
Unfortunately, it is not possible to do this. The reason for this is that the networks that are used for the connections to your new IP addresses are incompatible with the network that is used for the Shared Firewall. For this reason, the cutover needs to be a ‘big bang’ transition.