VPN Device Migration Frequently Asked Questions
As part of the Federal Reserve Banks’ ongoing efforts to keep pace with evolving industry and security standards, we have begun the Virtual Private Network (VPN) Device Migration project. This multi-year effort will require all FedLine Advantage® and FedLine Command® customers to replace their current VPN devices with a more contemporary solution at no additional cost for the new device. As of January 2, 2018, FedLine Solutions monthly package fees now include all VPN device equipment needed to operate with the Federal Reserve Banks. There will also be no additional installation fee for the new device.
The setup for the new VPN device will be similar to the setup for the current device, so this migration should be straightforward and require minimal to no changes to your environment. Additionally, this migration will continue to utilize the Connection Management Center (CMC) and our existing VPN device vendor. Available via FedLine® Home, the CMC is the Federal Reserve Banks’ web-based application that FedLine Advantage End User Authorization Contacts (EUACs) use to place VPN device orders. Please note that a credentialed Technical Contact at your organization can also assist with completing the migration order in the CMC; however, an EUAC must start the order and submit it.
Frequently Asked Questions
- What is the VPN Device Migration?
The VPN Device Migration project is a multi-year effort to migrate customers off the current VPN device that supports FedLine Advantage and FedLine Command and onto a new, more contemporary VPN device.
- What is the purpose of FedLine Advantage and FedLine Command VPN devices?
The VPN device is one of the key components that helps deliver a secure connection to the Federal Reserve Banks. The VPN device provides transport encryption for all data transfers and is designed to ensure that the data transfer originated from your organization. Additionally, the VPN device allows the organization to manage who has access to FedLine, by designating only specific FedLine Advantage personal computers (PCs) or FedLine Command servers to send traffic through the VPN device.
- Why does my organization have to migrate to the new VPN device?
FedLine Solutions strive to leverage state-of-the-art technology and are designed to deliver the secure and reliable service you expect from the Federal Reserve Banks. This project helps ensure that our FedLine Solutions continue to keep pace with evolving industry and security standards.
- When will my organization have to migrate to the new VPN device?
In preparation for the Fortinet® FortiGate® 60C VPN device reaching end of support in 2020, we are directing all customers to migrate remaining 60C VPN device(s) as soon as possible and before the end of this year, December 31, 2019.
- Is it possible for my organization to migrate to the new VPN device in advance of our planned migration date?
Yes, it is possible to migrate in advance of your planned migration date. If you are interested in migrating your VPN device prior to receiving migration communications, a FedLine Advantage EUAC can submit a migration order at any point in time by visiting the CMC. Please note that a credentialed Technical Contact at your organization can also assist with completing the migration order in the CMC; however, an EUAC must start the order and submit it. If you have questions, please contact the Customer Contact Center for assistance. We will make every effort to work with your organization to find a migration time that works best for you.
- Who is affected by these changes?
All FedLine Advantage and FedLine Command customers using a VPN device.
- What if I only use FedLine Web® or FedLine Direct®?
FedLine Web and FedLine Direct connections do not utilize VPN devices for connectivity, so they will not be impacted by these changes. If FedLine Direct customers use a FedLine Advantage VPN for contingency/alternate processing means, they will be required to migrate like all other FedLine Advantage customers.
- Who within our organization will need to coordinate these changes?
For FedLine Advantage Customers, a FedLine Advantage EUAC will be designated to coordinate these changes, though any FedLine Advantage EUAC can place a migration order via the CMC. The Federal Reserve Banks will contact an EUAC from your organization with further instructions.
FedLine Command customers that have FedLine Advantage EUACs will leverage these EUACs to coordinate the changes. FedLine Command-only customers utilizing a VPN device will need to work with a Federal Reserve Bank migration representative for assistance in the replacement process. In this scenario, the Federal Reserve Banks will contact a designated FedLine Command EUAC and help guide them through this migration. If FedLine Command customers need immediate assistance, they can contact the Customer Contact Center.
- Can I designate the EUAC that I want to coordinate these changes?
Yes, if you need to change or assign a specific contact, please call the Customer Contact Center. Please note that the contact must be a FedLine Advantage EUAC in order to utilize the CMC for the migration order process.
- Will the VPN Device Migration project have budget implications for my organization?
No, effective January 1, 2018, FedLine Advantage, FedLine Command and FedLine Direct® Solutions monthly package fees now include all VPN device equipment needed to operate directly with the Federal Reserve Banks. For more information, review the FedLine Solutions Fee Schedules. Customers will no longer make any direct payments to the VPN device vendor, including the VPN device and installation fees.
- What changes will my organization have to make?
The setup for your new VPN device will be similar to the setup for your current device, so this migration should be straightforward and require minimal to no changes to your environment. Additionally, this migration will continue to utilize the Connection Management Center (CMC) and our existing VPN device vendor. Available via FedLine Home, the CMC is the Federal Reserve Banks’ web-based application that FedLine Advantage EUACs currently use to place VPN device orders.
Customers can also continue to utilize Technical Contacts to assist with the VPN Device Migration project. The Technical Contact is a Subscriber role that provides necessary technical staff access to the CMC, allowing them to view technical documentation and current VPN device configuration as well as enter new technical information for VPN device orders.
- What can I do to prepare for my VPN migration?
As always, it is important that you continue to ensure that your organization’s list of EUACs and Technical Contacts, as well as their respective contact information, is current and complete. To review your current Technical Contacts, EUACs can download the Subscriber and Roles Report in the EUAC Center in FedLine Home. We also recommend that your organization review your network/firewall settings per the FedLine Advantage® VPN Device Access Requirements located in the Help Center of the CMC to confirm continued compliance prior to your migration.
- How can I add, modify or delete EUACs for my organization?
EUACs can be added, modified or deleted by submitting an EUAC form. These forms are available on the FedLine Solutions Forms page. An individual listed on your organization's Official Authorization List (OAL) must sign this form.
- My organization has multiple VPN devices. Do we need to migrate them all at once?
No, though your organization can opt to submit migration orders for multiple devices all at once, the installations can be spread across multiple days if desired. We may send your organization migration notifications for each device separately because each device’s migration timing is dependent on when the device was initially installed.
- What business continuity options should my organization consider?
Once your organization orders migration VPN device(s) to replace your current device(s), you should consider ordering additional devices and installing them at the same site or at a contingency site as part of your business continuity plans. Backup VPN devices must be powered on and connected to your network at all times to ensure quick failover during a service disruption and continuous availability for any required maintenance updates. If your organization is a FedLine Advantage Premier customer, then you can add a secondary VPN device for no additional monthly charge. For more information on contingency options, visit the FedLine Advantage and FedLine Command Business Continuity Quick Tips page.
- Can I choose not to convert my VPN device and continue using the current solution indefinitely?
No, all customers are required to replace their current VPN devices with new devices in accordance with the Federal Reserve Banks’ migration schedule. Once you receive your migration communications, please plan to install your new device in the timeframe specified in the communication. If you have more questions at that time, please contact the Customer Contact Center for assistance. We will make every effort to work with your organization to find a migration time that works best for you.
- Can I still modify my VPN device configuration?
Yes, Modify Device Configuration requests can still be submitted via the CMC. However, please note that beginning March 25, 2019, configuration modifications for Fortinet® FortiGate® 60C VPN devices will no longer be available via the CMC. Rather, any FedLine Advantage or FedLine Command VPN customers wishing to request a device configuration update on an existing Fortinet FortiGate 60C VPN device will be required to place their migration order for the new Fortinet FortiGate 61E VPN device, at which point configuration changes can also be made. If you choose to change your configuration during the migration order, you will be required to change your WAN IP address.
- What should I do if I still have questions?
Please contact the Customer Contact Center.