Whenever you have to implement a new firewall policy or you need to change a current firewall policy, an important step in the process of implementing the firewall change is to schedule an appropriate time for configuring the firewall and committing the change.

Choosing a wrong time to implement or modify a firewall policy can have serious consequences.

Why is it important to schedule the policy?

• The change may impact the traffic flow; if connections are dropped some services will be affected.
• If such services are critical, then the business’ operations will be affected too.
• To minimize any (side) effects of the firewall change; the impact of a wrong change during peak business/working hours is greater than the impact of a wrong change during non-working hours.
• To notify the customers; the customers may be affected by the change, e.g. if a short downtime is necessary.
• The staff members that implement and monitor the change will need to be present during non-working hours if the change is committed during such an interval.

Emergency change

Sometimes an immediate change is needed during business/working hours, for example as a response to an attack against a critical service. In this case, often best judgment is used to implement the change skipping the schedule.

Be prepared to notify any affected clients very quickly; communication is important to maintain trust.

Scheduling the change

Normally, unless pressed by some issues, you can schedule a firewall change by following a few simple rules:

• Schedule it during non-working hours.
• Notify the needed staff members to synchronize their work schedule.
• Notify in advanced any affected clients.
• If you use a form of auto-implementing the firewall change, verify that the time is synced correctly (e.g. Pacific Time).

Conclusion

Scheduling appropriately a firewall change (implement a new policy, modify or delete a policy) ensures that the change will go smoothly with minimum impact over the traffic flow.