Palo Alto Network Firewall Advanced Protection Implementation Summary

This article describes Palo Alto's Advanced protections implementation background and vision

Background

In 2017, UW-Madison made an investment in the security of the campus network by upgrading campus network firewalls to Palo Alto next-generation firewalls. In addition to traditional network level protections, the new firewalls’ advanced security features can offer the campus network greater protection from cyber attacks. 

A campus Network Firewall Policy was also established to provide a collaborative decision-making process for the administration, configuration, and operating procedures for network firewalls at UW-Madison.  The policy included the formation of the Network Firewall Policy Advisory Group that will provide input on the administration, configuration, and operating procedures of network firewalls.  The group includes subject matter experts and participants from UW-Madison academic and business units.

The first work of the advisory group was to develop a plan to expedite the deployment of the Palo Alto Advanced Protections to campus firewalls.  The Advanced Protections are referenced in Palo Alto documentation as “Content-ID”.

Implementation Summary

Two firewall administration options related to the Advanced Protection features have been developed, one of which will be applied to each instance of a Palo Alto firewall:

    • In the Collaborative option, the Office of Cybersecurity manages the initial transition and maintains the advanced protection features on an ongoing basis.  These baseline protection features will mirror the policy on UWNet (campus wifi).
    • In the Delegated option, the local firewall administrator performs the transition and future maintenance.

Campus firewall administrators will be surveyed to:

    • Confirm their role(s) in the operation of the firewalls that they are assigned.  These roles include:
      • Firewall Administrator - the person designated by a unit to make firewall policy and procedure decisions.
      • Firewall Technician - the person trained and authorized to make firewall changes.
    • Select the firewall administration option of their choice (Collaborative or Delegated) 

As this information is gathered, the Office of Cybersecurity will inform the firewall administrators of relevant resources available to them as well as make arrangements for any needed firewall changes.

Questions

Please feel free to contact the Office of Cybersecurity with Palo Alto Advanced Protection questions at cybersecurity@cio.wisc.edu



Keywords:
firewall vulnerability threat prevention defense cyber security cybersecurity 
Doc ID:
91245
Owned by:
Vincent A. in Cybersecurity
Created:
2019-04-22
Updated:
2024-09-30
Sites:
DoIT Help Desk, Network Services, Office of Cybersecurity