What is a VRF:

We are using a VRF as a virtual firewall that blocks incoming traffic from connections outside the VRF. Everything inside a VRF can talk to each other and some VRF's span multiple buildings. Right now VRF is only configured to work on wired connections. 

Why is this being done:

In order to protect the university's network and devices connected to it, CNS is moving all devices to general networks (the equivalent of wifi authentication/protection on the hardwire) or VRF. This increased security will cut down on the number of ISO quarantines about services listening on the public network and prevent devices from being blocked on the network. This will help the increase the university's security profile which will attract new grants and donations. This change is in line with the campus network centralization efforts.

What will still work (please see graphic below):

  1. All traffic within the same VRF
  2. All traffic from any computer connected to VPN from anywhere in the world

  3. All outgoing connections from the computer inside the VRF

  4. If you can perform a task while on Wi-Fi you will be able to perform the same task while in the VRF when connecting to a different department in PMA

  5. Connections to instrument and printer networks

  6. Any whitelisted services (Complete this form to request a service to be whitelisted: https://utexas.qualtrics.com/jfe/form/SV_e4dl1LVXzfUbpgF)

What will no longer work after all the rules are applied (please see graphic below):

  1. Traffic between VRFs
  2. Incoming traffic initiated from TACC (if this is needed please submit an exception request)
  3. Incoming traffic from devices not in the SAME VRF or on VPN

When will this be done:

As new networking requests or quarantine notices come in we will move the device over to the VRF. We will work with some labs to proactively move all devices over the VRF.

What if I have specific needs that need to be discussed or how do I request a firewall rule exception:

Please denote that on the survey -OR- submit a ticket here: https://cns.utexas.edu/help -OR- email help@cns.utexas.edu . Any of these methods will create a ticket and we will contact you ASAP.


  • No labels

Confluence Documentation | Web Privacy Policy | Web Accessibility