Determine Your Access Strategy for Business Continuity

A secure out-of-band network enables firewall access during network and power outages.
Your business continuity plan should include provisions for how to connect to critical devices, including firewalls and Panorama, during power outages and other events that prevent connecting to those devices over normal communication channels. The ability to connect to and manage devices on an out-of-band (OOB) network enables you to continue running your business when primary networks and power sources are down. Business continuity should be a core consideration of your network architecture.
An OOB network is a secure method of remotely accessing and managing devices that does not use the primary communication channels. Instead, OOB networks use separate communication channels that remain available if the primary channel fails and that have a different source of power than the primary network. Depending on your network architecture, you may use both the primary network and the OOB network to access and manage devices in day-to-day operation.
The OOB network should never rely on a power source or network that could fail concurrently with the primary access network. How you architect OOB access to devices depends on your network architecture and your business considerations, so there is no “one size fits all” method of ensuring connectivity. However, there are guidelines that help you understand how to meet the goals of an OOB access network:
  • Power considerations—Use a different power source (a separate circuit or a protected or battery-powered source) for the OOB network than you use for the regular access network. If you lose power to the regular network, you won’t lose power to the OOB network.
    Use power distribution unit (PDU) controls to remotely power devices on and off.
  • Secure connection method—There are a number of ways to connect securely to an OOB network, for example, a terminal server device, a modem, or a serial console server. Examples of secure networks you can use for OOB access include LTE, dial-up, and broadband networks (with the broadband connection completely separated from the normal broadband network). The connection method you use depends on your business needs and network architecture.
    Regardless of the method you select, the connection must be secure, with strong encryption and authentication. See Administrative Access Best Practices for advice about how to secure management connections to the firewall and Panorama.
    You can connect into an OOB network remotely using SSH with strong authentication over an Ethernet LAN or you can dial in over a serial connection. The outbound connection will be serial.
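
The guideline that the OOB network must never rely on a power source or network that could fail together with the primary access network can be checked against an inventory. The following Python script is an added example, not part of the original documentation; every component name and the dependency map are constructed for illustration. It follows dependencies transitively, so it also catches a shared UPS sitting behind two separate circuits.

```python
# Added example: shared-fate check between primary and OOB management paths.
# All component names are constructed; replace them with your own inventory.

# Each component maps to what it directly depends on (power feeds, uplinks).
DEPENDS_ON = {
    "core-switch-1":  ["circuit-A", "isp-fiber"],
    "console-server": ["circuit-B", "lte-modem"],
    "lte-modem":      ["circuit-B"],
    "dialup-modem":   ["battery-1", "pstn-line"],
    "circuit-A":      ["ups-1"],
    "circuit-B":      ["ups-1"],  # hidden shared fate: same UPS as circuit-A
}

# Per managed device: first hop of the primary path and of the OOB path.
ACCESS_PATHS = {
    "fw-edge-1":  {"primary": ["core-switch-1"], "oob": ["console-server"]},
    "panorama-1": {"primary": ["core-switch-1"], "oob": ["dialup-modem"]},
}


def closure(roots, graph):
    """Return every component reachable from roots, roots included."""
    seen, stack = set(), list(roots)
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        stack.extend(graph.get(node, []))  # leaf components have no entry
    return seen


def shared_fate(paths, graph):
    """Map each device to the components both of its access paths depend on."""
    findings = {}
    for device, path in paths.items():
        common = closure(path["primary"], graph) & closure(path["oob"], graph)
        if common:
            findings[device] = sorted(common)
    return findings


if __name__ == "__main__":
    for device, common in shared_fate(ACCESS_PATHS, DEPENDS_ON).items():
        print(f"{device}: OOB path shares {', '.join(common)} with the primary path")
```

An empty result means no modeled component sits on both paths; it does not cover dependencies that are missing from the inventory.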