The ITS Managed Firewall Service provides customers protection, on a per VLAN basis, from internal and external threat actors who attempt to gain unauthorized access to the UNC-Chapel Hill campus network. This service explicitly permits only the traffic requested and approved by the customer to the customer's network.
This service is intended for use by administrative units of the University with technical and administrative responsibility for their computing environments.
Request a firewall meeting, either by submitting a Remedy ticket to the ITS-SECURITY queue or via the Online Help Request site (http://help.unc.edu/help/olhr/).
If your department is interested in signing up for ITS Firewall services, you can reach us by:
- ITS Service Desk *
- ITS Security *
* Please see Technical Contact Information below.
The customer will then meet with ITS Security and ITS Networking staff in order to assess the nature of the customer’s network(s) and set dates and milestones for future actions.
Hardwired desktops and servers on University-owned networks.
Technical Support Contact Information
Technical support for Firewall services is provided by contacting the Service Desk by any of the following methods:
ITS Service Desk:
- Phone (919) 962-HELP (4357)
- Chat: https://help.unc.edu/chat
- Online Help Request: http://help.unc.edu/help/olhr/
- Twitter: @unchelpdesk
- Facebook: unchelpdesk
- YouTube: unchelpdesk
- Instagram: unchelpdesk
- Calling 919.445.9393, 8:00 AM to 5:00 PM on days the University is open for business.
- Submitting a Remedy ticket to the ITS-Security queue
- Completing the ITS Online Help Request form at http://help.unc.edu/help/olhr/
- Completing the Registration Form at https://firewall.unc.edu/registration/
Note: IF THIS IS AN OUTAGE, SUBMIT A CRITICAL TICKET.
SLA Response Times
- Critical = tickets will be acknowledged within 15 minutes after receipt.
- Important = tickets will be acknowledged within 8 business hours after receipt.
- General = tickets will be acknowledged within 3 business days after receipt.
- Critical ticket: ISO considers a ticket critical when there is a work stoppage (e.g. outage) impacting: (1) a University business or business service; or (2) an employee responsible for completing mission critical work.
- Important ticket: A request for support in the normal course of University business.
- General ticket: A request for information regarding configuration or performance (e.g. troubleshooting, request for logs, etc).
The firewall team collects data on the following:
- Aggregate bandwidth, including monitoring for aggregated bandwidth thresholds to verify firewall performance.
- Critical tickets as compared to total firewall tickets.
- Total sessions permitted in a day; total sessions denied in a day.
- Number of clients/networks/devices protected by firewalls
- Amount of downtime in a given month, quarter, and year, as a percentage of total time in those same periods.
Service Metrics / Service Goal metrics
The goals for most of these metrics is to provide warranty of firewall performance and effectiveness. Comparison of metrics will also be made quarter to quarter and year to year to document the increased utility of firewall services by blocking attacks and increased utilization of firewall services across the campus network.
- Firewall maintenance will be conducted based on the nature of the circumstance and the corresponding ITS Change Management guidelines including CAB requirements.
- Firewall maintenance is outlined in section 2 of the Firewall Service Level Agreement located at: https://firewall.unc.edu/firewall-service-level-agreement/
Hours Of Operation
- The Information Security Office business hours are 8:00 AM to 5:00 PM on days that the University operates.
- 24/7 on-call support is available for critical tickets.
- Customers should be aware of ITS policies, including the Acceptable Use Policy located here: https://its.unc.edu/files/2016/02/Acceptable-Use-Policy.pdf
- Customer responsibilities are outlined in sections 2-5 of the Firewall Service Level Agreement at: https://firewall.unc.edu/firewall-service-level-agreement/
- Customer de-provisioning of Firewall services is outlined in section 3 of the Firewall Service Level Agreement located here: https://firewall.unc.edu/firewall-service-level-agreement/
Out of Scope
- The Information Security Office does not support host-based firewalls or third party devices.
- The scope of the Firewall service, including supported and unsupported features, is outlined in section 3 of the Firewall Service Level Agreement located at: https://firewall.unc.edu/firewall-service-level-agreement/