U-M Virtual Firewall Service

Components

There are two separate components to the U-M Virtual Firewall Service: the Management Component and the Firewall Component.

Each component uses Dell 2850 series servers, Check Point's SecurePlatform application software, and the Red Hat Linux operating system. This set of hardware and software provides a common integration platform and standard support capability.

Management Component

The Management Component performs device configuration, policy management, and logging of the enforcement points (actual firewalls). Management is distributed so that device configuration and policy management are on one server and logging on another.

The manager server is called an MDS (Multi-Domain Server). The MDS houses the CMAs (Customer Management Add-Ons). A CMA is assigned to a subscriber and identifies the firewall that is bound to it.

The log server is called an MLM (Multi-Domain Log Module). The MLM houses CLMs (Customer Log Modules). A CLM is also assigned to a subscriber and identifies the firewall that is bound to it.

The Management Component software is called Provider-1. A subscriber uses a GUI client, called SmartConsole, to access the various modules of Provider-1 and to manage and monitor the firewall assigned to the unit. The software comes bundled on the SecurePlatform release from Check Point and is distributed by the ITCom firewall administrator.

Firewall Component

The Firewall Component consists of the actual firewalls, or enforcement points. The enforcement points are highly available: two identical devices form a two-node primary/standby cluster. There will be no load balancing.

The Firewall Component software is called VPN-1 VSX. It acts as the master virtual server/gateway, managing all aspects of all virtual systems, virtual routers, and virtual switches that may be configured on each enforcement point cluster. The configuration of each master virtual server/gateway and of all systems, routers, and switches is managed from Provider-1 via the SmartConsole GUI client. The only configuration done locally on an enforcement point cluster is that of the maintenance network and dynamic routing.

Subscriber Applications

A subscribing unit designates one or more Firewall Administrators to manage the unit's firewall through the SmartCenter Server using SmartConsole GUI applications.

Applications include SmartDashboard and SmartView Tracker.

SmartDashboard is used to define host, network, and services objects for creating a policy that will be installed on the unit's firewall.

SmartView Tracker is used to track all daily network traffic and activity logged by any Check Point and OPSEC Partners log-generating product.