1. Where do you currently have firewall appliances installed (i.e., organization perimeter, per building, per department, data center(s), etc.)?
Most of our firewalls are at our distribution layer (Cisco 6807 VSSs). These are multi-context ASA5585-SSP40s (routed); we provide contexts to individual depts. as requested, and for other services we provide to campus.
3. What size firewalls do you have at each location? Do you have an HA design there as well?
The 5585-40s in each case are an active/standby pair. The HA pair is split between 2 locations alongside the VSS boxes.
3. Do you firewall your wireless network? Why or why not?
Yes. Since we use private IPs for wireless we use them for PAT.
4. Do you firewall your residential network? Why or why not?
Yes. This is currently mostly for wireless and the need to PAT.
5. What is your firewall design for your data centers?
Pair of 5585-40s split between primary and backup datacenters.
6. "Next-gen" firewalls are becoming a hot topic. Do you use the feature sets of the Next-Gen firewall beyond the IP ACLs? Do you restrict any outbound traffic?
7. Do you use a username-based ACE deployment - such as Cisco ASA's "Identity Firewall" where ACEs are written based on Active Directory groups and usernames?
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.