Firewall Management Service

ITServices provides firewall management services by locating and operating the ITServices standard firewall hardware, currently Cisco, in protected locations within the University.

Getting Started

Eligibility:

• Departments and select organizations associated with the University.

Additional Information:

• ITServices will:
  • Provide initial consultation and design to determine requirements
  • Advise the Department Contact on baseline and optional rules
  • Provide implementation and transition services
  • Install, configure, and maintain firewall hardware and its prerequisite packages
  • Backup the configuration
  • Provide emergency service for hardware level failures during business hours (see Normal Service Availability Schedule in Service Agreement)
• Emergency repair includes:
  • Coarse level diagnosis of problem to determine cause
  • Reboot hardware, etc. to resolve resource shortage or deadlock
  • Substitute locally available spare parts
  • Correct minor configuration errors, if applicable
  • Place repair calls with hardware suppliers
  • Respond to and resolve questions about, problems with, and requests for enhancements to the service from the Department Contact. (See Non-Emergency Enhancements in the Service Agreement for details)
  • Provide yearly reassessment of the firewall configuration and infrastructure to ensure the current deployment reflects policy and requirements
  • Provide analysis and reports of firewall log results (use, attack attempts blocked, summaries, etc.) as necessary

Cost:

• Service Fees

Requirements & Availability:

Departmental Responsibilities:

 

Each firewall request will include the name of a Department Contact who will be responsible for providing direct support to the department users.

 

The Department Contact will:

• Adequately understand network protocols to specify departmental requirements for firewall rules clearly and accurately
• Manage the department’s firewall requirements to ensure there are no conflicting firewall rule requests
• Understand implications of access rules
• Maintain knowledge of firewall host entries
• Provide local application support if required
• Provide timely notification for change requests

Features

• Network segmentation:
  • ITServices can provide additional network segmentation within firewall networks to create additional security zone
  • Additional network segments come with additional configuration and support costs
• SSL VPN Service:
  • SSL VPN Services are additional cost services that allow for clientless secure connection to services and hosts behind a firewall
  • SSL VPN Services must be tailored to the specific service being offered, and come with additional licensing and support costs

Help & Support

• Contact the ITServices Support Centre at 613.533.6666 during business hours or by filling out the webform at http://www.queensu.ca/its/apps/forms/itsc/helpform/