Data Center Firewalls

Summary

All ITS Data Center networks are protected by centrally managed firewall platforms. Currently, Nokia CheckPoint and Juniper ISG 1000 firewalls are deployed at each data center and support a standard network architecture.

Network Architecture

Each data center is divided into mutiple, distinct firewalled network security zones. Each zone is designed to provide security protection with escalating levels of service and restricted access. Listed below are descriptions of currently deployed firewall environments and their associated security zones:

Nokia CheckPoint - Highly available firewall environments

• DMZ - Primary production security zone
  • Allows inbound/outbound access to all UW Medicine subnets
  • Allows inbound http, https, ssh and rdp access from outside UW Medicine subnets
  • Available at all data centers

• Extranet - Primary production security zone
  • Allows inbound/outbound access to all UW Medicine subnets only
  • Available at all data centers

• Protected - Primary production security zone
  • Customized access base on pre-defined system requirements
  • Available at all data centers

Juniper ISG 1000 - Bridging firewall environments

• Backup - security zone
  • Supports large volume data transfer activitiies
  • Allows inbound/outbound access to all UW Medicine subnets
  • Available at all data centers

• Management - security zone
  • Management access to hosts and devices
  • Allows inbound/outbound access to all UW Medicine subnets
  • Available at all data centers

• SAN/DC - security zone
  • Services enterprise SAN/Fileshare and Domain Contoller hosts and devices
  • Allows inbound/outbound access to all UW Medicine subnets
  • Available at Surgery Pavillion Data Center only

• Radiology - security zone
  • Services Radiology/Cardiology Departments hosts and devices
  • Allows inbound/outbound access to all UW Medicine subnets
  • Available at Surgery Pavillion Data Center only