UW Firewall Administration Policy Summary

With the campus IT policy and the universities guiding principles in mind the firewall advisory group, comprised of a mix of subject matter experts and members from representative campus units, devised an administrative solution to generally improve the administration, configuration, and operation of UW-Madison network firewalls. These two avenues have been named collaborative and delegated. To learn more, please reference: https://kb.wisc.edu/itpolicy/it-network-firewall-plan

The collaborative model design:

The delegated model design:

Firewall administrative roles:

To provide clear communication regarding responsibilities, expectations and firewall changes, the advisory group has designed two roles for the campus network firewall service. Modeling off of the AANTS role design the advisory group decided to follow along with this model. Depending on departmental staffing, the roles may be held by the same person. The roles designated are:


The fw-admin roles & responsibilities are:

  • Make policy and procedure decisions about configuration and operation of the units' vsys.

  • Guide the authorized firewall technician on the implementation of the decisions.

  • Primary contact for Network Services and The Office of Cybersecurity.

  • Responsible for review of vsys policies, procedures and administrative access.

  • Inform unit management of any major decisions and significant risks associated with vsys changes.

The fw-tech roles and responsibilities are:

  • Included and informed of all routing vsys information, i.e. configuration, operational changes.

  • Responsible for applying vsys configuration changes in accordance with campus and unit policies and procedures.

  • Notify the fw-admin of any security and operational concerns.