Palo Alto NGFW Migration & Zero-Trust Policy Redesign

Context

A major UK financial services organisation with legacy firewall infrastructure spanning multiple data centres and cloud environments. Inconsistent legacy firewall rules amplified risk, hindered visibility, and slowed service delivery. The existing policy framework had grown organically over years, resulting in thousands of rules with limited visibility.

Challenge

The client needed to modernise their firewall estate while maintaining business continuity. Key challenges included: complex rule dependencies, lack of documentation, regulatory compliance requirements, and the need to implement Zero Trust principles without disrupting critical financial services.

Approach

Implemented comprehensive policy assessment and migration to Palo Alto NGFW with Panorama centralised management and zero-trust policy redesign. Conducted a thorough audit of the existing firewall estate, mapping rule dependencies and identifying redundant or conflicting policies.

Delivery

The engagement was delivered in phases: initial assessment and roadmap (4 weeks), policy framework design (6 weeks), staged migration and implementation (12 weeks), and validation and handover (4 weeks). Regular governance meetings ensured alignment with business priorities throughout.

Outcomes

Legacy & Sustainability

Delivered a repeatable reference architecture, Terraform and Ansible automation frameworks, and operational runbooks for ongoing policy lifecycle management.

Stack

What's Next

Following successful delivery, we continue to support the client with managed security operations and ongoing policy optimisation as part of a retainer engagement.