The Leibniz Institute for Agricultural Engineering and Bioeconomy (ATB) plans to make the data connections within the ATB network, as well as the connection to the outside, more secure and reliable through the use of redundant firewalls. The aim is to ensure at the network level that only authorized persons and devices with the intended applications can access resources. The systems should also be able to detect and suppress network-based attacks. In the following, the firewall pair for connecting to the outside is referred to as the DMZ firewalls, and the pair for security within the network as the segmentation firewalls. Only physical firewalls are an option. So far, a Palo Alto PA 850 has been used as the DMZ firewall at the ATB. Its complexly configured functions are to be transferred completely to the new DMZ system. It should be possible to manage the firewalls together, and they should also be able to access the logs of the Palo Alto Cortex XDR agents of our endpoint protection system.
The firewall system is planned to go into operation in Q4 2023 and to run for 5 years.
See description of the main part