Skip to main content

Managed Firewall Services

Firewall services are available to IT units who want to protect departmental user networks from external threats. These can be installed to protect server or client networks.

Firewalls represent one component of a strategy to combat malicious activities and assaults on computing resources and network-accessible information. Other components include antivirus software and intrusion detection software.

REQUEST SERVICE

Available to

Distributed IT Units

Cost

There is a one-time initial consulting and implementation charge, plus firewall hardware and annual maintenance. Detailed cost information is available on the Northwestern IT Service & Equipment Charge List.

Request this Service

Complete the Firewall Ruleset Modification Request Form.

Ordering

Authorized departmental work order contacts can submit an order online via the CONDUITS Online Order Formwith the following information:

  • Contact name and phone number
  • Department
  • Location of servers to go behind the firewall
  • Number of servers to go behind the firewall
  • IP addresses of servers to go behind firewall
  • Chart of Accounts number to fund the one-time and recurring charges

A network engineer from Northwestern IT will contact the department to discuss and evaluate specific firewall needs. For questions about ordering this service, contact the IT Support Center.

Maintenance and Schedule

All installations and implementations of and modifications to a Network Firewall and its Configuration and Ruleset are the responsibility of the authorized Northwestern Information Technology (IT) Firewall Administrator, with this exception: maintenance of a Network Firewall Ruleset may be performed by other than Northwestern IT personnel where permitted by a documented risk acceptance agreement  between Northwestern IT and the School/Department/Business Unit assuming the Firewall Administrator's responsibilities.

  • The Firewall Ruleset Modification Request Form (Request Form) is required to request a modification to a Ruleset of a Northwestern IT-administered Firewall.
  • Northwestern IT Firewall Administrators will execute approved changes to the Firewall Rulesets maintained by Northwestern IT during the scheduled maintenance window of 6:00-7:00 a.m. CST/CDST, on Tuesday and Friday of each week.
  • Change requests must be received no later than 8:00 a.m. CST/CDST on the business day prior to the desired maintenance window.
  • Additional time for review and implementation may be required, depending upon the complexity of the request. Requestors are encouraged to submit requests as early as possible.

Holiday Provisions

Northwestern IT requires one full business day to review and approve a Request Form, and due to operational and service considerations, changes to firewall rulesets are not executed any later than the scheduled maintenance window on Friday of any given week. On those occasions where a University holiday falls on a Monday or Thursday, Request Forms are to be received on the business day prior to the holiday in order to undergo the required review. Where the holiday falls on a Tuesday or Friday, approved Request Forms will be executed at the following scheduled maintenance window.

Processing of an Emergency Change Request

A Request Form is considered an Emergency Change Request (ECR) when either:

  • the Request Form is received after 0800 CDT/CDST on the business day prior to the desired scheduled maintenance window (i.e., less than one full business day to process), or
  • the desired date and time to execute the Request Form is outside of a scheduled maintenance window.

ECRs typically include a Request Form with instructions to:

  • Add/modify/delete a firewall ruleset
  • Modify or cancel a pending Request Form not yet approved
  • Modify or cancel an approved Request Form not yet executed

To file an ECR, customers are required to:

  • complete and submit the Request Form (or send an e-mail message with the equivalent information to firewall@northwestern.edu), and
  • call the Service Operations Center (847-467-2222) to alert the on-call Northwestern IT network engineer of the pending ECR.

The on-call engineer will:

  • contact the customer to acknowledge receipt of the ECR,
  • request any additional information needed,
  • submit the ECR for review and approval, and
  • notify the customer of the disposition (approved/not approved).

If approved, the ECR will be executed at the requested date/time.

Last Updated: 21 March 2019

Get Help Back to top