• Preparation of an firewall audit
• Recommendation and implementation of optimization measures based on the audit
• General Network Infrastructure Optimization Recommendations

Project DC-Firewall Policy-Cleanup:

• Step 1 - Conception of the procedure
• Step 2 - Classification of policies into sequence groups and splitting of general policies
• Step 3 - Coordination with product owners about the upto- dateness of the ports/target servers
• Step 4 - New sorting of the remaining policies

Project Development of a comprehensive threat protection strategy:

• Step 1 - Re-assessment of the network architecture (including DMZ segmentation) to reduce the attack surface
• Step 2 - Development and implementation of a companywide security strategy (including locations) based on the security audit carried out
• Step 3 - Closing identified security gaps and introducing restrictive policies based on the principle of least privilege; Bridge to the Policy-Cleanup project
• Step 4 - Construction of suitable UTM/NGFW security profiles (IPS/IDS, AV, web filter, app control) for each service/application
• Step 5 - Selection of Policies for Tester Group
• Step 6 - Activation of UTM profiles & accompanying log analysis; Screening for false positives & reporting
• Step 7 - Fine-tuning or adaptation of UTM profiles
• Step 8 - Go Live & Accompanying Log Analysis
• Step 9 - Development of process guidelines

Administration of all FortiGates (>500) models 2601F / 60F:

• Administration Policies / Approval of Approvals
• Administration IPSec-S2S-Tunnel
• Administration UTM: IPS, AV, SSL inspection, web filter, application control
• Administration Interface
• Administration Access Authorizations
• Recommend & perform firmware upgrades

Administration FortiADC:

• Creating, modifying and deleting virtual servers / server pools
• Optimization of L4 & L7 load balancing
• Monitoring & Optimization of Health Checks
• Certificate management
• General administration of partitions
• Firmware upgrades

Administration EMS / FortiClient:

• Recommending & Performing FCL Updates
• Adminstration Web Filter Settings
• Troubleshooting connection problems
• Preparation for the switch from SSL VPN to IPSec

Administration FortiWeb:

• Creation, deletion of new domains
• Administration of policies
• General Management Security Profiles
• Certificate management
• Troubleshooting Memory Bug

FortiManager

• Integration of all firewalls into the FortiManager
• General administration of the firewalls via the FM
• Monitoring & Optimization

FortiAuthenticator:

• General management of users
• Administration of authentication methods
• Troubleshooting Faulty HA Clusters
  • General Support Services / Troubleshooting Incidents
  • Regular firmware upgrades (PSIRT checks)
  • Security/Threat Analysis
  • Support for the SD-WAN pilot project

• Development of a new network infrastructure
• Network Design Visio
• Network segmentation and VLAN concept (BSI compliant)
• Firewalling Concept
• Creation of an IPAM
• Planning Number of Access Points
• Expense planning for the move
• Review of procurements

• Technical project management
• Further development of the monitoring and security concept in the area of LAN (reporting via CheckMK, 802.1x-Auth)
• Conception of location-flexible working in the LAN sector
• Conception of the comprehensive administrative WLAN
• Project management Implementation of pull printing in the area of printing (management of print jobs via central print servers, RFID card authentication)
• Assessment of IT architecture requirements taking into account the eGovernment Act

• Support of the IT department in support
• Troubleshooting
• Review of the redesign of the new Extreme WLAN infrastructure (complete replacement of the existing infrastructure, migration to a new controller)

• Advice on migration procedures:
  • Advice on migrating services to the cloud
  • Review of the existing OBASHIs
  • Advice on migration strategy and corresponding scheduling based on the OBASHIs
• Advice on address translation (=NAT) as an interim solution for the conversion to IPv6:
  • Parallel to the migration process: Analysis of communication links
  • Classification of communication links for which a NAT is required
  • Recommendation of the appropriate NAT strategy for the respective communication links
• Review of the customer's network plans for security vulnerabilities

• Configuration and Administration of >1200 L2/L3 Devices (Cisco Catalyst 9200, 9300)
• Construction and commissioning of new data centers for various customers
• Improvement of customers' NAC infrastructure:
  • Prevention of spoofing attacks
  • Prevention of DoS and DDoS attacks
• IPAM and Cisco ISE Administration for the ITZ Bund locations
• Monitoring (Checkmk)
• Troubleshooting in the area of Access LAN
• Second/third-level support in the area of access LAN

• Construction, commissioning and administration of new WLAN and LAN infrastructures (Cisco, Extreme/Aerohive); Support of >300 locations with large infrastructures
• Network analyses / troubleshooting of performance problems (3rd level)
• Plan and illuminate new wireless networks with Ekahau Site Survey
• Management of access points via the cloud controller (Extreme Cloud IQ)
• Creation of internal documentation (Confluence)