U-M Virtual Firewall Service

Overview

The U-M Virtual Firewall Service is a new network security service available to academic and administrative units on the Ann Arbor campus. The service is designed to provide uniform and centralized perimeter protection against outside threats to the University's various data networks. This security effort is a joint collaboration between ITSS (Information Technology Security Services) and ITCS (Information Technology Central Services). The ITCom group within ITCS is responsible for coordinating the hardware, software, and deployment of the service.

Individual units that subscribe to the service will have the ability to control their own virtual firewall or choose to have ITCom administer it for them. Units can easily integrate the service as a replacement for a current firewall, as an addition of a security zone (DMZ), or as a basic perimeter security firewall. The service uses products from Check Point Software Technologies to provide a traditional firewall that can support point-to-point tunnels, packet inspection of transmissions in either direction, and full-featured event logging.

The service deployment currently includes four firewall clusters located around the campus. Each cluster uses a two-node primary/standby configuration and each is initially provisioned to operate up to 10 virtual firewalls. This platform will permit easy access to a firewall by most campus units. Management and log servers are located in the Arbor Lakes Data Center (ARBL), 4251 Plymouth Rd.
Virtual Firewall Deployment Overview
Subscription Process

Unit IT managers interested in using this service should contact their ITCom Project Manager to begin an assessment of unit goals, infrastructure, and operating constraints. Please note that the service may not be appropriate for every individual unit.

There is no charge to the unit for the firewall software and licensing, but charges could occur from network changes that may be required during the integration of the components into a unit. If the assessment indicates the unit qualifies for the service, a formal Firewall Service Agreement is prepared that outlines high-level roles and responsibilities of ITCom and the unit, training requirements, operating and reporting guidelines, and trouble resolution procedures. This agreement is required even if a unit has a current Network Service Agreement in place.
Questions Your ITCom Project Manager Will Ask

1. Will your system be upgraded within the next 6 to 12 months?
2. Do you currently have a Service Agreement (SA) with ITCom?
3. Do you or anyone within your department have any experience with firewalls? With Check Point firewalls?
4. How many devices do you plan on placing behind the firewall?
5. Which IP address range will you be placing behind the firewall?
6. Do you have a private wireless network or UM Wireless on your network?
7. Do you have any IP telephony (VoIP) on your network?
8. Do you have any private networking for printers or other devices? If so, are the computers connected through the phones or a direct Ethernet connection?
9. Do you use Multicast for any services on your network?
10. Do you use the Symposium Call Center in your networks?
11. Are you using IPX or AppleTalk?
12. How segmented is your network? Do you have servers, printers, workstations in separate VLANs?
13. Do you have any devices that are processing credit card transactions and are they segmented from the rest of the network?
14. Do you support mini-hubs or mini-switches on your network?