Departmental Firewall Service

A knowledge base article about Departmental Firewall Service provided by the UC Berkeley IT Service Hub - Knowledge Portal

Watch our quick video https://youtu.be/vRGN9cXBOb4 from a Data Network Engineer about the use of this form.

The bIT bSecure firewall service utilizes Palo Alto Networks (PAN) next-generation firewalls to provide a method of restricting communications between network subnets. With this service each department or team receives a dedicated virtual system managed through a centralized web interface. Configuration can be as simple as allowing a specific port, or as complex as only allowing a specific application to communicate.  

The addition of the firewall does not require the reconfiguration of existing servers. When implemented, customers identify which networks should be moved to a protected zone and they configure the appropriate security policy to support them.

All bIT bSecure Firewalls are set up to provide redundancy. For each service type, two PAN firewalls are linked through two routers dedicated to providing network services. The PAN firewalls are configured such that a change made on one is automatically propagated to the other. If one of the PAN units fails, the other will take over automatically.

The bSecure firewall service is available for two types of use based on network location:

Data Center

Currently available at the Earl Warren and San Diego Supercomputer Data Centers, this firewall service provides one protected zone for each subnet connected to the virtual system plus the connection to the data center (referred to as “outside”). This configuration allows the firewall administrator to create policy in and out of the firewall as well as between the different subnets.

Campus

This firewall provides two zones, “outside” and “protected”. All customer subnets are connected to the single protected zone. Firewall policy can be created to control communication between the outside and protected zones but not between the individual protected subnets.
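The difference between the two deployment models, and between a port-based and an application-based rule, is easiest to see with a small policy evaluator. The following Python is an added illustration, not Berkeley IT's or Palo Alto Networks' code; the subnets, rule names and the default-deny for unmatched cross-zone traffic are constructed assumptions, not settings taken from the service. It models one virtual system in either mode: in the Data Center model each connected subnet is its own zone, so policy can be written between subnets; in the Campus model all subnets share one "protected" zone, so traffic between two protected subnets never traverses the firewall and no rule can restrict it.

```python
"""Toy model of the Data Center and Campus deployment models described above.

Added illustration only (not Berkeley IT's or Palo Alto Networks' code).
Subnets and rules are constructed.  Rules match first-hit, and cross-zone
traffic with no matching rule is denied (an assumption made here; confirm
the interzone default on your own virtual system).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    action: str                      # "allow" or "deny"
    dst_port: Optional[int] = None   # None = any destination port
    app: Optional[str] = None        # None = any application


class VirtualSystem:
    """One department's virtual system in either deployment model."""

    def __init__(self, model: str, subnets: List[str]) -> None:
        if model not in ("datacenter", "campus"):
            raise ValueError("model must be 'datacenter' or 'campus'")
        self.model = model
        self.subnets = [ipaddress.ip_network(s) for s in subnets]
        self.rules: List[Rule] = []

    def zone_of(self, ip: str) -> str:
        """Data Center: one zone per connected subnet; Campus: one 'protected' zone.
        Anything not in a connected subnet is 'outside'."""
        addr = ipaddress.ip_address(ip)
        for i, net in enumerate(self.subnets, start=1):
            if addr in net:
                return f"subnet{i}" if self.model == "datacenter" else "protected"
        return "outside"

    def add_rule(self, rule: Rule) -> None:
        self.rules.append(rule)

    def evaluate(self, src: str, dst: str, dst_port: int, app: str) -> str:
        """Return 'allow', 'deny' or 'not-inspected' for one flow."""
        src_zone, dst_zone = self.zone_of(src), self.zone_of(dst)
        # Traffic that stays inside a single zone never crosses the firewall,
        # so no policy applies.  In the Campus model that includes every flow
        # between two protected subnets.
        if src_zone == dst_zone:
            return "not-inspected"
        for rule in self.rules:
            if (rule.from_zone == src_zone and rule.to_zone == dst_zone
                    and rule.dst_port in (None, dst_port)
                    and rule.app in (None, app)):
                return rule.action
        return "deny"  # assumed default for unmatched cross-zone traffic


def build_datacenter_vsys() -> VirtualSystem:
    """Constructed example: two subnets, one port-based and one app-based rule."""
    vsys = VirtualSystem("datacenter", ["10.1.0.0/24", "10.2.0.0/24"])
    # "Simple" rule: any application on TCP 443 from outside into subnet1.
    vsys.add_rule(Rule("web-in", "outside", "subnet1", "allow", dst_port=443))
    # "Complex" rule: only the mysql application from subnet1 into subnet2.
    vsys.add_rule(Rule("db-from-web", "subnet1", "subnet2", "allow", app="mysql"))
    return vsys


def build_campus_vsys() -> VirtualSystem:
    """Constructed example: same subnets, but only outside/protected zones exist."""
    vsys = VirtualSystem("campus", ["10.1.0.0/24", "10.2.0.0/24"])
    vsys.add_rule(Rule("web-in", "outside", "protected", "allow", dst_port=443))
    return vsys


if __name__ == "__main__":
    dc, campus = build_datacenter_vsys(), build_campus_vsys()
    # Constructed flows: (src, dst, dst_port, application)
    flows = [
        ("192.0.2.10", "10.1.0.5", 443, "web-browsing"),
        ("192.0.2.10", "10.1.0.5", 22, "ssh"),
        ("10.1.0.5", "10.2.0.7", 3306, "mysql"),
        ("10.1.0.5", "10.2.0.7", 3306, "ssh"),
    ]
    for flow in flows:
        print(flow, "datacenter:", dc.evaluate(*flow), "campus:", campus.evaluate(*flow))
```

Note that the port-based "web-in" rule admits any application on 443, which is the trade-off the article alludes to when it contrasts allowing a port with allowing only a specific application. The `not-inspected` result for subnet-to-subnet flows in the Campus model is the practical reason to choose the Data Center model when servers on different subnets need to be isolated from one another.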
