How would you configure and manage firewall rules to restrict traffic to a sensitive database segment at CGI Group?