We have recently began implementing some of the features that are part of Phase 2. Most of the firewalls which perform NAT operations have been migrated, and we expect to do the remaining one by the end of March. The biggest project we are working on at the moment is the implementation of Intra-Campus Security Profiles which includes Antivirus, Anti-spyware, and Vulnerability Protection: aka Intrusion Prevention. We are also implementing what is called Zone Protection. This feature provides data-plane protections against DDoS attacks and other malicious traffic. At the moment it is only set to give us alerts, but once we have a baseline it will be configured to block such traffic.
So far we have implemented these changes on our departmental firewall with no major issues.