In addition to the campus firewall, Networking and Information Security provides departmental firewalls for an additional level of protection. NIS provides equipment and support for departmental firewalls, installs and configures them, and acts as the point of contact for rule changes.
Departmental Firewalls run Packet Filter (PF), OpenBSD's TCP/IP traffic filtering system. This system creates a stateful firewall capable of complex rule sets.
Before installing a departmental firewall, the Network Engineering and Installations Teams will determine if any network architecture changes are needed. Changes may be needed in order to isolate your department or lab in preparation for the firewall. In addition, the Network Security Team will review any current campus firewall settings for hosts you own in NIM. The time required to install a departmental firewall varies based on the complexity of the network infrastructure.
If you process Credit Cards, other Payment Card Industry requirements must be met.
Updates and Support
Once installed, there is a $50.00 per month charge for firewall services. This charge is required for cost recovery and will ensure continued security for your network.
Currently, rule change requests should be submitted to NIS by emailing firstname.lastname@example.org. A new web interface for rule changes is being developed. Department administrators may use this interface to make rule changes on non-PCI firewalls. PCI Firewall rule change requests will continue to be submitted to email@example.com.
For privacy reasons, access to firewall logs is limited. However, if a network event requires investigation, NIS will work with you to extract the relevant logs.
For more information on installing a departmental firewall, please send an email to firstname.lastname@example.org.