University of Toronto Logo

Information + Technology Services

System Status
- A A A+
A-Z list of all Information Technology Services available at U of T.

Tools and resources supporting academic activities in the classroom and beyond.

Resources for access to systems, password resets, anti-virus, encryption and security.

Information on available administrative applications and available support.

Resources for applications development and enterprise service architecture model.

E-mail, video/audio conferencing and other communication tools available at U of T.

Resources + support for acquisition, maintenance + disposal of hardware + software.

HelpDesks, Training and Support resources for all central IT services at U of T.

Resources and support for networking, wireless and remote access at U of T.

All policies and guidelines concerning Information Technology at U of T.

PMO resources for assessment, planning, governance and implementation of IT projects.

Firewall

The Virtual Firewall Service (VFS) is a central packet filtering service which will allow network administers to control all traffic, to and from their LANs, from one unified interface. End users will not need to purchase or maintain any ancillary hardware or software. The VFS will allow one or more LANs to be managed with one single ingress and egress point to the rest of the University campus as well as to the outside world.

Using Virtual Routing Forwarding (VRF) and Firewall Switch Forwarding Modules (FWSM) in the central core routing infrastructure, a VFS can be provided to every directly attached network or to a collection of geographically and physically distinct networks. Each Virtual Firewall (VFW) created on the FWSM can support up to 8 subnets.

The FWSM device allows for both a Command Line Interface (CLI) as well as a web based tool to configure and manage firewall rule sets. Full packet logging is also available. A VFS will be managed in one of two ways: Self Service and Centrally Managed

Self Service means the local end user will be responsible for the configuration and management of his or her own virtual firewall. Unique user credentials will be assigned to allow individual and secure access and control.

Centrally Managed means that Enterprise Infrastructure Solutions (EIS) will create, manage and monitor the firewall rule set on behalf the department. Full logs will be made available via the web.
  • EIS
24/7
Monday to Friday: 9:00 am – 5:00 pm
russell.sutherland@utoronto.ca or lloyd.kwong@utoronto.ca
Not Applicable
Yes
Q: What is a VRF?
A VRF (Virtual Routing Forwarding) is in effect a virtual router layer, superimposed on a the default collection of routers and networks. The VRF can contain one or more networks from the default routing instance. All traffic between and VRF and the default routing layer, passes through one virtual connection. It is a this point that firewall packet filtering can occur. VRFs are used to connect subnets residing on remote routers into the VFW residing on the local router.

Q: What if I have more than 8 subnets?
Since each VFW can support a maximum of 8 subnets, additional VFWs would need to be purchased. For example, if you have 9-16 subnets, you would require 2 VFWs, if you have 17-24 subnets, you would require 3 VFWs.

Q: Is there an extra charge for adding subnets in the future?
Yes. Adding additional subnets will incur an installation and ongoing maintenance charge (see the 'Fees' section).

Q: Can the firewall rules filter traffic between my subnets?
Yes. Inter subnet packet filtering is fully supported.

Q: What is the capacity of the FWSM?
Each FWSM can switch packets at 5.5 Gbps. One FWSM can support multiple VRFs.

Q: What is the cost of a VFS?
One time installation starting at $1500 and annual maintenance starting at $300 per year. An additional $600.00 per year for a fully managed solution (see the 'Fees' section).

The Latest News

Loading featured news