Virtual Firewall
Table of contents
- Provision of virtual firewalls for institutions of the TU Dresden
- Benefits: Protection of the institute's internal data network against attacks from the intranet (campus) and the Internet (world)
- You can find the request form and information on the central firewall via the Self Service Portal (for IT administrators only)
Scope of Services
- Support in setting up a network and firewall concept
- virtual firewall context, pre-configured with VLAN interfaces and routing entries for the respective networks
Options
- Extension / modification of existing firewalls by adding new interfaces
- Renaming of firewall context is possible (e.g. in case of a name change of the institution)
- Migrating the firewall between locations (e.g. on moving an institution into different buildings, s.b. "Buildings")
Application
- An application for the new "virtual firewall" software can be submitted by the head of the institution, the official IT admin or their offices using this application form
- Request to the service desk by the official IT admin (sender address @tu-dresden.de) of the institution: creation of a firewall concept; the appointment is agreed with the ZIH
Authorization
- The official IT admin is the entitled user of the firewalls
- Commissioning the firewall is possible for the official IT admin once the costs for the acquired software have been settled and the firewall concept has been created
Please note: The "official IT admin" is an employee of the TUD named to the ZIH by the head of the respective institute. The IT administrator must be demonstrably committed to the data protection laws in accordance with the circular by the head of the institute.
- Virtual firewalls are maintained by the respective agencies and establishments (namely their official IT administrator) and are therefore the official admin's responsibility.
- The official IT administrator is the contact partner for the ZIH
- The IT admin is responsible for guaranteeing the security of the firewall access data
500.00 € per virtual firewall
Provisioning time
- approx. 4 weeks
Support times
Service Desk mon - fri 8 am - 7 pm
Operating times / operating status
24/7
Please report problems to the service desk:
Visiting address:
Andreas-Pfitzmann-Bau, Room E036 Nöthnitzer Straße 46
01187 Dresden
https://navigator.tu-dresden.de/etplan/apb/00/raum/542100.2480?language=en
Postal address:
TUD Dresden University of Technology
Support Center Digitalisierung
Service Desk
01062 Dresden
Office hours:
- Monday to Friday: 08:00 - 19:00
Offer virtual firewall
The TU Dresden is responsible for the management and operation of the firewalls within the framework of the decentralized supply concept at the respective institutes and facilities, represented by the responsible administrators. This requires the administrators to have a high level of competence regarding the network security policy as well as the firewall hardware itself. The ZIH advises and supports the institutes in the selection, configuration and commissioning of the firewall systems. In addition, the ZIH provides support services for the operation of the firewall (including monitoring and backup of the configuration).
For institutes that do not want to operate their own firewall system platform, the ZIH offers a central firewall system platform with virtual firewalls in the respective central backbone area. The administration and configuration of the virtual firewall is the responsibility of the respective institutes. The ZIH provides a uniform firewall platform and supports and advises the institutes on the initial deployment of their local security policy. The virtual firewalls allow the responsible administrators to focus on their actual task of protecting the local network.
Cisco's virtual firewall technology ("security contexts") is used as the solution for centralized firewalls. For this purpose, physical firewall hardware, such as an ASA appliance or a firewall module (ASA-SM), is split into several logical "virtual firewalls". Each virtual firewall is independent of the other virtual firewalls running on the same hardware, and each firewall is managed and operated separately. The following hardware components support virtual firewalls and are currently used on the campus for this purpose:
Firepower 4110 Logical ASA Device
- 8x1/10GE Ports
- 35 Gbps Firewall Throughput, 1024 VLANs
- 10 million concurrent connections, 150,000 new firewall connections/sec
- up to 250 virtual firewalls on the logical ASA device
Firepower 4120 Logical ASA Device
- Appliance with 8x1/10GE Ports
- 60 Gbps Firewall Throughput, 1024 VLANs
- 15 million concurrent connections, 250,000 new firewall connections/sec
- up to 250 virtual firewalls on the logical ASA device
Administration of virtual firewalls
The individual virtual firewalls are operated independently, so the platform is fully multi-tenant capable. Using the virtual firewalls, a clear separation of responsibilities between the institutes and the ZIH is achieved:
- Configuration of the security requirements in the virtual firewall by the institutes
- Support and monitoring of the firewall system platform and its infrastructure by the ZIH
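As an added illustration (not configuration from the ZIH or from this page), the following shows how one security context is carved out of a shared ASA in multiple-context mode by the platform operator, and how the institute then defines its own policy inside that context. The ASA is assumed to already run in multiple-context mode; interface names, VLAN IDs, addresses and the context name are placeholders.

```cisco
! --- System execution space (operated by the platform provider) ---
! Assumed: ASA already in multiple-context mode; interface names,
! VLAN IDs and the context name are placeholders.
interface GigabitEthernet0/1
 no shutdown
!
interface GigabitEthernet0/1.100
 vlan 100
 description uplink to campus backbone (placeholder)
!
interface GigabitEthernet0/1.200
 vlan 200
 description institute LAN (placeholder)
!
context INST-EXAMPLE
 description virtual firewall for one institute (hypothetical)
 allocate-interface GigabitEthernet0/1.100 outside
 allocate-interface GigabitEthernet0/1.200 inside
 config-url disk0:/INST-EXAMPLE.cfg
!
! --- Inside the context INST-EXAMPLE (administered by the institute) ---
! Only the mapped interface names allocated above are visible here.
hostname inst-example
interface outside
 nameif outside
 security-level 0
 ip address 192.0.2.2 255.255.255.0
!
interface inside
 nameif inside
 security-level 100
 ip address 198.51.100.1 255.255.255.0
!
route outside 0.0.0.0 0.0.0.0 192.0.2.1 1
!
object network inst-web
 host 198.51.100.10
!
! Default-deny inbound policy: expose only the institute's web server
! and log every other dropped connection so the admin can review it.
access-list OUTSIDE_IN extended permit tcp any object inst-web eq https
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
```

Adding a further VLAN interface later, as described under Options, is a further allocate-interface line in the system context; the institute then names and addresses the new interface inside its own context.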
Virtual firewalls offer considerable advantages for the institutes:
- No need for individual firewall hardware at the institutes
- Maintenance for firewall hardware is no longer required and is taken over by ZIH
- Savings potential in failure safety, e.g. costs for a UPS
- Savings potential in electricity costs
- Server room capacity can be used for other purposes
- Support with firewall questions from ZIH
Buildings
In the list of routing sections you can find the buildings connected at TU Dresden.
Further Information
For more information about Cisco Firewall products, visit:
- Configuration tool ASDM
- some recommended port lists for firewall rules
- ASDM configuration guides for ASA, ASA-SM: