Firewall Service

The Office of Information Technology (OIT) offers a campus-wide central firewall service that enables network security protection for University of Minnesota computer users and resources. A firewall is an access control device that inspects network traffic passing through it and denies or permits passage based on a set of security rules. A firewall policy is a collection of security rules designed to prevent unauthorized electronic access to private and sensitive data and resources stored on networked computer systems.

Firewall service is available to all University departments on the Twin Cities campus. Departments must be on their own individual network(s), and their resources (e.g., jacks, VLANs, etc.) must be associated with a Management Identification group (MID) in Service Gateway. If your department has not been migrated to the Service Gateway, contact the Service Gateway Migration Team.

Roles and Responsibilities

OIT staff members are responsible for:

  • Designing and maintaining the OIT managed firewall infrastructure
  • Provisioning firewalls, based on consultation with the customer
  • Providing ongoing support
  • Troubleshooting firewall infrastructure problems
  • Troubleshooting firewall-related problems as reported by customers
  • Providing training to firewall administrators

Service Gateway primary and secondary MID members are responsible for:

  • Determining who in their organization is authorized to manage their firewall policies
  • Adding/removing firewall administrators in their Service Gateway Management Group (MID), along with adding or removing their "Security" rights
  • Ensuring that new firewall administrators attend OIT's Central Firewall Training course before they get access to manage their departmental firewalls
  • Encouraging students, faculty, and staff affected by their firewalls to contact their support staff should they run into any problems accessing applications, Web sites, resources, etc., that they can normally access. Support staff should work with those in their department authorized to manage firewall policies to troubleshoot the problem before contacting OIT

Firewall administrators are responsible for:

  • Completing OIT's Central Firewall Training course
  • Knowing and understanding their environment and applications
  • Defining and managing their firewall policies. OIT staff can assist, but are not responsible for defining or managing their firewall policies for them.
  • Accessing and managing firewall policies via the command line interface or the ASDM application
  • Troubleshooting their own firewall policies before contacting OIT
  • Ensuring that the device they use to manage their firewall policies is configured with an IP address from the primary subnet, if they are obtaining an IP address from a VLAN that contains multiple subnet ranges

Please note: firewall provisioning should be done during regular business hours, between 8 a.m. and 5 p.m.