Next-Generation Firewall
Determine Your Access Strategy for Business Continuity
Plan your strategy for business continuity as you set up your Next-Generation
firewalls and choose your central management system.
Plan your strategy for business continuity as you plan your Next-Generation Firewall
deployments with Strata Cloud Manager, PAN-OS, and Panorama.
Cloud Management
Learn how to plan for business continuity when setting up your new NGFWs.
Coming Soon
PAN-OS & Panorama
Plan your business continuity strategy in preparation for any events that may
prevent you from connecting to your devices over normal communication channels.
Your business continuity plan should include provisions for how to connect to
critical devices, including firewalls and Panorama, during power outages and other
events that prevent connecting to those devices over normal communication channels.
The ability to connect to and manage devices on an out-of-band (OOB) network enables
you to continue running your business when primary networks and power sources are
down. Business continuity should be a core consideration of your network
architecture.
An OOB network is a secure method of remotely accessing
and managing devices and does not use the primary communication channels.
Instead, OOB networks use separate communication channels that are always
available if the primary channel fails and have a different source of power than
the primary network. Depending on your network architecture, you may use both
the primary network and the OOB network to access and manage devices in
day-to-day operation.
The OOB network should never rely on a power source or network that could fail
concurrently with the primary access network. How you architect OOB access to
devices depends on your network architecture and your business considerations, so
there is no “one size fits all” method of ensuring connectivity. However, there are
guidelines that help you understand how to meet the goals of an OOB access
network:
- Power considerations—Use a different power source (a separate circuit or a protected or battery-powered source) for the OOB network than you use for the regular access network. If you lose power to the regular network, you won’t lose power to the OOB network. Use power distribution unit (PDU) controls to remotely power devices on and off.
- Secure connection method—There are a number of ways to connect securely to an OOB network, for example, a terminal server device, a modem, or a serial console server. Examples of secure networks you can use for OOB access include LTE, dial-up, and broadband (completely separated from the normal broadband network) networks. The connection method you use depends on your business needs and network architecture. Regardless of the method you select, the connection must be secure, with strong encryption and authentication. See Administrative Access Best Practices for advice about how to secure management connections to the firewall and Panorama. You can connect into an OOB network remotely using SSH with strong authentication over an Ethernet LAN or you can dial in over a serial connection. The outbound connection will be serial.
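One way to check a design against the rule that the OOB network must not share a power source or network with the primary access network. This is an added example, not Palo Alto Networks code; the inventory format, device names, circuits, and links are constructed sample data and assumptions.

```python
# Added example: find failure domains shared by the primary and OOB access paths.
# Every name below is constructed sample data, not taken from any real deployment.

# Direct dependencies of each component (power feeds, uplinks, other devices).
DEPENDS_ON = {
    "core-switch":    ["pdu-a", "isp-fiber"],
    "mgmt-switch":    ["pdu-a"],
    "console-server": ["pdu-b", "lte-modem"],
    "lte-modem":      ["pdu-b"],
    "dsl-modem":      ["pdu-b"],
    "pdu-a":          ["utility-circuit-1"],
    "pdu-b":          ["ups-battery"],
}

# Components each managed device is reached through, per access path.
ACCESS_PATHS = {
    "fw-edge-1":  {"primary": ["core-switch"], "oob": ["console-server"]},
    "panorama-1": {"primary": ["core-switch"], "oob": ["mgmt-switch", "dsl-modem"]},
}


def failure_domain(components, depends_on):
    """Return the components plus everything they depend on, transitively."""
    seen, stack = set(), list(components)
    while stack:
        node = stack.pop()
        if node not in seen:  # the seen set also guards against dependency cycles
            seen.add(node)
            stack.extend(depends_on.get(node, []))
    return seen


def shared_dependencies(access_paths, depends_on):
    """Map each device to the components its primary and OOB paths both rely on."""
    findings = {}
    for device, paths in access_paths.items():
        overlap = (failure_domain(paths["primary"], depends_on)
                   & failure_domain(paths["oob"], depends_on))
        if overlap:
            findings[device] = sorted(overlap)
    return findings


if __name__ == "__main__":
    for device, shared in shared_dependencies(ACCESS_PATHS, DEPENDS_ON).items():
        print(f"{device}: OOB path shares {', '.join(shared)} with primary access")
```

In the sample data, the OOB path for panorama-1 runs through a management switch on the same PDU as the core switch, so losing that circuit takes down both paths.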