skip to main content

SDSU logo links to main SDSU web site
IT Security Office (ITSO)


New Internal Firewalls

Internal firewalls protect critical resources from internal and external threats. Internal firewalls should be implemented for systems and networks that contain protected information or have privileged access to protected information. Firewalling internal systems and networks often requires extensive planning and network re-design which can take several months to complete. The phases of implementation will include:

  • An initial meeting with the TSO to discuss security goals; all correspondence should be directed to
  • The TSO will determine the necessary firewall architecture and scope the rule sets required
  • IT support staff will develop any necessary system build documentation and develop the ruleset. This is typically done by:
    • Vendor consultation
    • Technical documentation
    • Using a network sniffer to evaluate specific port needs
  • A work order for TNS will be needed to support the firewalled architecture.
  • Before activating the firewall rules, IT support staff should develop a test scenario for communication through the firewall
  • After going live, IT support staff should perform all tests of communication through the firewall to identify problems while the TSO is scheduled. Problems identified later will require a new firewall request.

IT managers and support staff should understand additional firewall zones add complexity to the design process. Firewalls using a single zone will talk only with the outside, and present the least complicated design. Firewalls with two or more zones will need to communicate both with the outside, and between internal zones.