Main Nav

Without getting into Science-DMZ issues, I'd like to hear from the RU/VH (Research Universities/very high research activity: formerly R1 institutions) campuses (see for list) concerning which of you (if any) have border firewall(s) in place that essentially default to a deny rule for inbound traffic.


No need to get philosophical about the usefulness of said implementation; you'd be preaching to the choir.    However, we do need to know if anyone does have this specific environment in place and, if so, can we speak to you about it?      I noted in one thread that "Reportedly, UC Irvine has taken a different approach and implemented a default deny rule for inbound traffic at the campus border.  Based on my understanding, any person can request a hole be poked in the firewall via some type of self-service web application so there is a very low bar for allowing connections, but most things are blocked by default" -- is anyone familiar with UC Irvine's border network architecture and whether or not this is indeed the case?


Prompt feedback or pointers would be greatly appreciated -- thanks!!


-- Jim Gogan

    Director, Networking

    University of North Carolina at Chapel Hill

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at


We do not have border firewalls here (UC Berkeley). I don't know enough about what Irvine does to provide much extra detail. I do know that having a border firewall is not common for other UC campuses though. iso