VPN Device Migration Frequently Asked Questions
As part of the Federal Reserve Banks’ ongoing efforts to keep pace with evolving industry and customer needs, we will soon begin the Virtual Private Network (VPN) Device Migration. The migration effort will require all FedLine Advantage® and FedLine Command® customers to replace their current VPN devices with a more contemporary solution. These changes will improve resiliency and enable access to the FedNow℠ Service. We are sharing the following information with your organization's End User Authorization Contacts (EUACs) and senior leaders, so you know what to expect when this project begins in the coming month.
The setup for the new VPN device will be similar to the setup for the current device, and will require changes to your network/firewall settings. Your organization will continue to utilize the Connection Management Center (CMC) to move from the current Fortinet® FortiGate® 61E model to a Cisco® C1111 model. Additionally, device provisioning will move from Sprint® (now T-Mobile®) to a new vendor.
Available via FedLine® Home, the CMC is the Federal Reserve Banks’ web-based application that FedLine Advantage End User Authorization Contacts (EUACs) use to place VPN device orders. Please note that a credentialed Technical Contact at your organization can also assist with completing the migration order in the CMC; however, an EUAC must start the order and submit it.
Frequently Asked Questions
- What is the VPN Device Migration?
The VPN Device Migration project will migrate FedLine Advantage and FedLine Command customers off their current VPN device and onto a new, more contemporary solution. These changes will improve resiliency and enable access to the FedNow Service.
- What is the purpose of FedLine Advantage and FedLine Command VPN devices?
The VPN device is one of the key components that helps deliver a secure connection to the Federal Reserve Banks. The VPN device provides an additional layer of transport encryption for all data transfers and is designed to ensure that the data transfer originated from your organization.
- Why does my organization have to migrate to the new VPN device?
FedLine Solutions leverage state-of-the-art technology and are designed to deliver the secure and reliable service you expect from the Federal Reserve Banks. These changes will improve resiliency and enable access to the FedNow Service.
- When will my organization have to migrate to the new VPN device
We will notify your organization in advance of your migration date and will provide resources to guide you through the process. An End User Authorization Contact (EUAC) from your organization will be asked to coordinate the migration.
- Is it possible for my organization to migrate to the new VPN device in advance of our planned migration date?
Yes, it is possible to migrate in advance of your planned migration date. If you are interested in migrating your VPN device prior to receiving migration communications, a FedLine Advantage EUAC can submit a migration order at any point in time, once the General Availability phase begins June 13,2022 by visiting the Connection Management Center (CMC). We will make every effort to work with your organization to find a migration time that works best for you.
- Who is affected by these changes?
All FedLine Advantage and FedLine Command customers using a VPN device.
- What if I only use FedLine Web® or FedLine Direct® ?
FedLine Web and FedLine Direct connections do not utilize VPN devices for connectivity, so they will not be impacted by these changes. If FedLine Direct customers use a FedLine Advantage VPN for contingency/alternate processing means, they will be required to migrate like all other FedLine Advantage customers.
- Who within our organization will need to coordinate these changes?
For FedLine Advantage Customers, a FedLine Advantage EUAC will be designated to coordinate these changes, though any FedLine Advantage EUAC can place a migration order via the CMC. The Federal Reserve Banks will contact an EUAC from your organization with further instructions.
FedLine Command customers that have FedLine Advantage EUACs will leverage these EUACs to coordinate the changes. FedLine Command-only customers utilizing a VPN device will need to work with a Federal Reserve Bank migration representative for assistance in the replacement process. In this scenario, the Federal Reserve Banks will contact a designated FedLine Command EUAC and help guide them through this migration. If FedLine Command customers need immediate assistance, they can contact the Customer Contact Center.
- Can I designate the EUAC that I want to coordinate these changes?
Yes, if you need to change or assign a specific contact, please call the Customer Contact Center. Please note that the contact must be a FedLine Advantage EUAC in order to utilize the CMC for the migration order process.
- Will the VPN Device Migration project have budget implications for my organization?
No, FedLine Command and FedLine Direct Solutions monthly package fees include VPN device equipment needed to operate directly with the Federal Reserve Banks. For more information, review the FedLine Solutions Fee Schedules.
- What changes will my organization have to make?
The setup for your new VPN device will be similar to the setup for your current device and will also require changes to your network/firewall settings. Additionally, this migration will continue to utilize the Connection Management Center (CMC). Available via FedLine Home, the CMC is the Federal Reserve Banks’ web-based application that EUACs currently use to place VPN device orders.
Customers can also continue to utilize Technical Contacts to assist with the VPN Device Migration project. The Technical Contact is a Subscriber role that provides necessary technical staff access to the CMC, allowing them to view technical documentation and current VPN device configuration as well as enter new technical information for VPN device orders.
- What can I do to prepare for my VPN migration?
When your migration begins, you will be directed to the Cisco Fedline Access Requirements in the CMC which contains the mandatory firewall changes needed to connect to FedLine Advantage. Please review the document at your earliest convenience and prepare your technical staff for these changes. The new solution will not allow for multiple Cisco VPN devices to be connected to FedLine concurrently using the same public IP address. If your existing Fortinet VPN devices are leveraging the same public IP address, please work with your technical staff and ISP to setup multiple public IP addresses ahead of your installation date. As always, it is important that you continue to ensure that your organization’s list of EUACs and Technical Contacts, as well as their respective contact information, is current and complete. To review your current Technical Contacts, EUACs can download the Subscriber and Roles Report in the EUAC Center in FedLine Home.
- How can I add, modify or delete EUACs for my organization?
EUACs can be added, modified or deleted by submitting an EUAC form. These forms are available on the FedLine Solutions Forms page. An individual listed on your organization's Official Authorization List (OAL) must sign this form.
- My organization has multiple VPN devices. Do we need to migrate them all at once?
No, your organization does not need to migrate all of its devices at once. However, your organization can opt to submit migration orders for multiple devices all at once and schedule the migrations across multiple times or days. We may send your organization migration notifications for each device separately because each device’s migration timing is dependent on when the device was initially installed. As a reminder, the new solution will not allow for multiple Cisco VPN devices to be connected to FedLine concurrently using the same public IP address. If your existing Fortinet VPN devices are leveraging the same public IP address, please work with your technical staff and ISP to setup multiple public IP addresses ahead of your installation date.
- Can I choose not to convert my VPN device and continue using the current solution indefinitely?
No, all customers are required to replace their current VPN devices with new devices in accordance with the Federal Reserve Banks’ migration schedule. Once you receive your migration communications, please plan to install your new device in the timeframe specified in the communication. If you have more questions at that time, please contact the Customer Contact Center for assistance. We will make every effort to work with your organization to find a migration time that works best for you.
- What should I do if I still have questions?
Please contact the Customer Contact Center.