Get Help

Online: Request Help
Phone: (707) 826-HELP (4357)
Email: help@humboldt [dot] edu
In Person: Library 120 • Hours
Reset HSU Password
System Status

Services For

Emergency Maintenance on Edge Firewalls

Printer-friendly versionSend to friendPDF version

On 3/28/13 at 4:57pm, our edge firewall cluster experienced an issue where the primary firewall (inside NR Bldg 40) failed to pass packets correctly between trust and untrust as designed. It is unclear why this occurred; however, it was noted by network techs that exceptional packet loss was observed.

This resulted in the inability of our campus to access the Internet intermittently, significantly interrupting the university mission.

In working with the vendor's support system (JTAC), we have been requested to remove the firewall from the cluster and begin operating on the secondary cluster member (inside SH Bldg 1). This is to allow JTAC support and network analysts from HSU to begin working on identifying why there was an outage.

It has been suggested by JTAC that we examine hardware components first, given the age of the firewalls and sudden, unexpected nature of the outage. In order to start this, the firewall must be placed into a maintenance mode at a lower level of operations where packets flows are not possible. Basically, we need to run utilities on the hardware which we can't do when it's being used.

At 3am, TNS will perform a manual fail-over to the edge firewall cluster pair in SH and then next business day begin running an in-depth analysis on the firewall's hardware components.

At 3am, TNS will also perform a state switchover on the server farm firewall to resolve some packet loss issues identified in a small percentage of transmits from the SH Core. The Server Farm firewall will switch from being active in SH to being active in Van Matre, as originally designed. This will be an optimal switch path for all networks now living on the server farm security zones.

feedback