Frequently Asked Questions - Shared Firewall Service

Can I use the shared firewall service if I store sensitive or protected data?

The shared firewall service is not intended for systems storing sensitive data. Depending on the circumstances, you should either use a fully customizable Departmental Firewall or the...

Is this service suitable for me?

Yes, if:

Your service contains printers and workstations only. You don't have any custom rules. You don't have technical staff who can configure your firewall rules. Your security needs are not extensive.

No, if:

Your subnet(s) hosts servers and services used outside the firewall.

You host sensitive data.

You have regulatory or contractual obligations to safeguard data that resides on your network.

Restricting traffic based on malicious content or destinations known to be malicious is unacceptable to the users on...

Can I make customizations to the shared firewall rules?

No. Customizations are not made for individual departments. However, it is an evolving service and changes will be made if necessary to support the general needs of campus workstation computing.

Are there any drawbacks to using this service?

This service should not be used if you store restricted data.

Rules and profiles in the shared firewall are not customizable.

The only services on the protected side of the firewall that can be accessed from the unprotected side are printing and remote desktop services. These services can only be accessed from non-Calvisitor campus addresses.

Campus vulnerability scanners are allowed and there will be no firewall exceptions for devices that have issues with scanning

Since systems using the shared firewall service...

What are the benefits of using this service?

You don’t need to write your own firewall rules.

You don’t need to define security profiles.

Increased security using profiles that block systems from connecting to or receiving traffic from known bad addresses

Malicious content (spyware, attempts to exploit known vulnerabilities, etc.) will be stopped by the firewall