BCTC Firewall Replacement, Saturday, January 16th, 7am-9am

BCTC will be installing new campus firewalls from 7-9am on Saturday, January 16th, 2021. These firewalls replace equipment that is nearing end of life and will support higher performance. There will be brief interruptions to the campus internet connections during this time. In addition, all VPN connections that are active at that time will be disconnected and will need to be reestablished. Please monitor BCTC social media (bctcbaruch on Twitter and Facebook) for status updates at that time. If you have trouble connecting to services after this service window, please contact the Helpdesk at helpdesk@baruch.cuny.edu.

Background

The current campus firewalls are over 6 years old and are nearing the end of support by the vendor. In addition, they do not support the latest versions of the vendor's firewall software, which offer more advanced security features and up-to-date configuration options. CUNY initiated a project late last year to procure new firewalls for all the CUNY campuses. We began the migration plan by reviewing the existing firewall configurations and removing outdated rules and other inefficiencies. We received the new firewalls from CUNY back in December and since then have been migrating the configuration from the existing firewalls to the new ones, and have validated the configuration.

The old firewalls are in a redundant pair that supports full failover and backup if a connection is disrupted or a problem causes a firewall to crash (which is incredibly rare). The new firewalls will also be in the same redundant configuration. On Saturday morning we will disconnect the redundant pair, and then physically move the network connections from one of the old firewalls to the new firewall. At that point we will test connectivity on- and off-campus to a defined list of services that will indicate that the connection is operating normally. Since the configurations are identical and we’re plugging the new system into the same ports as the old system, we expect less than a few minutes of disruption while the firewalls configure for the network. If that does not happen we will troubleshoot the connection, with the worst case scenario being that we switch back to the old firewall and regroup. If, as expected, the new firewall works correctly, we will then connect the second new firewall to the network and reestablish the high availability connection between them to preserve redundancy. The only actual disruption of service occurs when we move the physical fiber optic cables from the old firewall to the new firewall and while the new firewall becomes known to the existing network, a process we expect to take only a few seconds and that in no case should take more than 5 minutes.

As we plan for other future network upgrades in anticipation of being able to support in-person and hybrid learning in Fall of 2021, the new network switches being installed will support higher-speed connections between campus buildings and the CUNY ring connecting to the Internet. The new firewalls have high speed interfaces that will allow us to fully benefit from the connections to the new network equipment. For now we are using the connections for our existing network.
