UW–⁠Madison Information Technology
Connecting & supporting our digital campus
Firewall

Network firewall best practices

Posted by Whitney Jacobson on November 15, 2022

One of the many ways in which the Cybersecurity team keeps this campus safe is via the network firewall. Not only does the firewall protect against campus-wide cyber attacks, but it also prevents your work computer or network from being sabotaged by malicious online software. Because online attacks are continually changing, it’s more important than ever to keep the network firewall policy up to date. In July, the Network Firewall Advisory Group (NFWAG) C2E Badger team set out to evaluate the network firewall policy and implementation plan, update them if necessary, and draft a set of best practices and workflows for longer term protection.

The following set of principles provides baseline best practices on the administration, configuration and operating procedures for Palo Alto Next Generation Firewalls at UW–Madison.

  1. Create communication pathways. Knowing that people obtain information in different ways, it is best to create multiple touchpoints and opportunities for education: KB articles, documenting and sharing your firewall management processes, review updates from various firewall admin and advisory groups, etc.
  2. Rule change management process. Schools, colleges, institutes and divisions on campus should have locally documented change management processes that inform team members of the who, what, and why regarding firewall changes.
  3. Technical processes. Consistency is key when it comes to policy rule names, tagging and rule testing. All teams must stay consistent in order for this work to remain clear and understandable to all.

What you should do

  • Find and begin reviewing the baseline practices working draft document (Source: docs.google.com)
  • Look for a firewall management survey at the beginning of December to the firewall admin user group. We want to better understand the firewall community by hearing your training interests and needs.

Background

Cybersecurity to the Edge (C2E) is a broad set of initiatives focused on significantly reducing risk across the campus landscape. One of the high-priority efforts within C2E is improving campus network protection (aka “the firewall”).