Firewall Upgrade


Fidelity National Financial / FIS
2204 Garnet Ave
San Diego, CA 92109


November 2004


Client's existing Internet Security and Acceleration Server (ISA) provided enterprise firewall and web cache capability, but didn't support additional needed configurations and capabilities.

The Challenge

To prepare for the firewall replacement, many of the unknowns regarding the ISA Server's configuration had to be identified and re-designed.  For example, numerous "any" firewall rules that allowed any protocol from any source to any destination existed and had to be restricted.  This required a in depth analysis of source code and configuration files for the numerous systems  the firewall protected.

The Solution

Replaced the ISA Servers with Cisco PIX 535 Firewalls installed in a fail over configuration. Standard ports were restricted to specific IP addresses rather than having them open to the public.  Configuration of the inside, outside and all DMZ ports as was completed. Additionally, all necessary code and configuration settings requiring changes were identified and completed allowing the elimination of all "any" rules.

The Result

The new firewall supported a wealth of advanced security and networking services providing the client with: rich stateful inspection firewall services, tracking the state of all network communications and preventing unauthorized network access. The additional DMZ's provided improved segmentation.  Additional capacity for VPN as well as ease of administration was added and all the "any" rules removed providing improved overall defense.  


About FNF

Fidelity National Financial, Inc. (NYSE:FNF), is a leading provider of title insurance, mortgage services and restaurant and other diversified services. For over thirty years we have found opportunistic ways to provide industry leading products, services, and value.