Firewall Management Services

 

What is this Service?

This service assists agencies with the protection of information resources. The service focuses on maintaining several layers of network firewall systems. The Network Security Team manages and supports a distributed-firewall design that not only protects the State’s network resources from threats on the internet but also protects internal network segments from unauthorized access and hostile content such as malware and viruses that have found their way into another network segment on the State’s Wide Area Network (WAN).

What is Included?

Key Standard Features:

  • Centralized Firewall Management System
  • Internet Perimeter (WAN) – Manage the State’s Perimeter Firewall, which sits between the Internet and the State’s Wide Area Network. The Perimeter Firewall is the first line of defense protecting the State’s network and computer resources from threats on the internet.
  • The Perimeter Firewall permits the following for Outbound and Inbound Internet Traffic:
    • Outbound - Allow ALL Internet traffic to hosts and services outside of the State’s Wide Area Network with the exception of known security vulnerabilities (see below). This allows anyone connected to the State’s Wide Area Network to utilize all services on the Internet with the exception of known vulnerabilities and sites that may be blocked from within the WAN by a Web Content Filter.
    • Inbound - Only specific services which support the State’s mission will be allowed to be accessed from the Internet — such as Websites, Web Portals, Enterprise E-mail, SharePoint, Public Facing Applications, etc.
  • Internal Edge (LAN) – Network Security manages multiple Firewall Service Modules (FWSMs) that are integrated into DII’s core network switches. Each FWSM allows the Network Security Team to centrally manage and provide firewall services to those Agencies and Departments whose networks and subnets are directly trunked through our core switches that have integrated FWSMs. The FWSM is used to separate and secure many of the State’s network segments, isolating systems and keeping communications between internal network segments in check so that internal users and systems cannot access network and data resources that are off-limits to them. By partitioning the State’s Local Area Network (LAN) interfaces with the FWSM, Agencies and Departments within the State are offered additional defenses against unauthorized access and threats originating from other network segments within the State’s WAN.
    • This service also provides an additional level of protection against internet-based threats ("defense in depth").
    • The FWSMs can protect both server and user LANs. In either case, outbound restrictions can be applied, to detect and control unexpected connections initiating from the local LAN, in addition to any inbound access permissions that are applied.
  • Centralized Firewall Monitoring and Logging
  • Notifies customer of critical events
  • Technical support and fulfillment of service requests

Key Non-Standard Features:

  • Assist State Agencies and Departments in assessment, design or implementation of a firewall
  • Network Security can provide consultation regarding service options and recommend best-practice security policies


How Do I Obtain This Service?

User Request Process for Service Features:

  • Contact the Service Desk to request standard and/or non-standard features relating to this service listed below.
    • Self Service Portal – The Self-Service Portal can be accessed via the following web link: https://ent-footprints.state.vt.us
    • Call 802-828-6620 or toll free 855-828-6620, option 1


How Do I Receive Support for This Service?

To request support for this service, contact the Service Desk to open a support ticket:

 

• Self Service Portal – The Self-Service Portal can be accessed via the following web link: https://ent-footprints.state.vt.us

• AHS Users – Self-Service Portal: https://www.ahsinfo.ahs.state.vt.us/apps/help_me2.cfm

• Call 802-828-6620 or toll free 855-828-6620, option 1

• How To Documents posted at this web link: http://dii.vermont.gov/DII_Divisions/Customer/HowTo


Service Maintenance Schedule

Maintenance window is slated for every Monday and Tuesday from 11:00 p.m. – 5:00 a.m.
Service may be interrupted during the Maintenance Window. A global ticket will be created, and information posted on our home page when maintenance occurs.


Service Performance

Availability Goal:

Service/Application Availability:

  • Firewall Availability at Site or Office Location: 99%
  • Site to Site Availability at Border: 99%

Support Availability:

  • DII Service Desk: Monday – Friday, 7:45 a.m. to 4:30 p.m.

Non-Business Hours:
DII does not traditionally respond to issues after business hours. DII staff are available only on a "best effort" basis after hours. Support calls placed after 4:30 p.m. and on weekends/holidays will be redirected to Contact Communications. Issues requiring immediate attention will be forwarded to the appropriate DII employee, who will triage the reported issue and follow proper procedures to restore activities to normal operations.

Request Fulfillment Goal:

Depends on the type of request.

Resolution Goal:

See Resolution Goal in the Customer Support (Service Desk) description.

User Connectivity issues

  • Resolution Goal: 2 business days
  • Issues will be prioritized and resolved based on priority. Please refer to Customer Support for definitions of priority levels and resolution goals for each level.

Firewall issues in state offices

  • Resolution Goal: 1 business day
  • Issues will be prioritized and resolved based on priority. Please refer to the Customer Support section for definitions of priority levels and resolution goals for each level.

Note: Major outages will be addressed as soon as feasible. A Global ticket will provide information about the incident, locations that are impacted, and expected time for recovery. This information will also be posted on DII’s webpage at the following link: http://dii.vermont.gov


Service Costing

Standard services are funded through the DII Allocation.
The Non-Standard services may involve an additional fee.