Firewalls

Overview

A Firewall is a network security system that monitors the network traffic and establishes a barrier between the network and incoming traffic. Firewall permits or blocks data depending on its type in order to reduce the risk of any potential virus spread or intrusions  (hacking) of the university network.

Types of Firewalls

There are four types of firewalls available from ITS:

  • Next Generation Firewalls
    The Next Generation Firewall (NGFW) service is part of the university’s overall information security framework. The NGFW protects university information assets from cybercriminals and stops threats to the network through the application of content inspection, cloud-based threat intelligence, and malicious software analysis. The platform provides consistent protection and enhances the university’s information security efforts.
  • Distributed Firewalls
    The Distributed Firewall service is designed to protect and prevent malicious traffic in the MiServer virtual server environment.
  • Data Center Firewalls
    Data Center firewalls are designed to protect specific network activities to and from specific projects, systems, and information housed in university data centers (e.g., sensitive research projects, Wolverine Access transactions, MiServer instances, and others).
  • Custom Unit Firewalls
    Campus units requiring additional firewall security for specific business activities and transactions can work with ITS to design, implement, and maintain custom firewalls. Custom firewalls can be administered by unit IT professionals or ITS. Custom firewalls can support point-to-point tunnels, packet inspections of inbound or outbound traffic, and full-featured event logging. Firewall training is available for unit IT staff from the UMnet Administration team. UMNET-NSO can also provide recommended vendor courses.

Usage Models

There are three service models:

  • ITS Controlled
    In this model,  Information and Technology Services (ITS) manages and supports the firewall entirely. A best practice security model is applied to align with University of Michigan standards.

  • Unit Controlled
    In this model, units manage and operate their own unit firewall.  Unit IT staff have administrative accounts, access to conversion tools, and best practice guidelines. Any rules and objects are unit created. This delegates control and responsibility to the unit.

  • Hybrid Model
    In this model,  ITS maintains top administrative access with an option for unit IT staff to create unique policies. Unit staff and ITS have the ability to run reports, create or delete policies, and ensure best practice security.

Firewall Service

Firewall services, designed and maintained by ITS, are available to all U-M units and departments. If you would like to initiate a new firewall service for your unit, please reach out to ITS Network Security Operations (NSO) at its.is.nso@umich.edu/call 734-647-4200 or your unit's Project Manager to schedule a consultation.