Virtual Firewall Service Frequently Asked Questions

Who is Cybera?

Cybera is a not-for-profit technology-neutral organization responsible for driving Alberta’s economic growth through the use of digital technology. Its core role is to oversee the development and operations of Alberta’s cyberinfrastructure — the advanced system of networks and computers that keeps government, educational institutions, not-for-profits, business incubators and entrepreneurs at the forefront of technological change.

 

What is the Virtual Firewall Service?

The Virtual Firewall Service is a scalable software (virtual) solution that Cybera developed for Alberta's public sector organizations with traffic of less than 1.3 Gbps. It allows multiple institutions to run their own firewall from a virtual environment, doing away with the need for individual hardware setup or maintenance.

 

How is a virtual firewall different from a physical firewall?

From a functionality perspective, both accomplish the same task in the same way. The user interface for the virtual firewall is exactly the same as the hardware version. The biggest differences are in the flexibility that a virtual firewall brings, as it can be moved between different regions, and in cost, as it is much less expensive to maintain.

 

What types of firewalls are currently available through the Virtual Firewall Service?

The Virtual Firewall Service currently supports Palo Alto and Fortinet firewall solutions, both hosted on our Rapid Access Cloud. For each firewall vendor, users can choose between three different virtual machines, depending on their needs. See here for more details. The firewall vendors will provide you with a detailed overview of the capabilities of each offering.

Please note that, while Palo Alto and Fortinet software were chosen for this service, Cybera remains agnostic with respect to software firewall technology.

 

Can I test a virtual firewall solution before committing to Cybera’s Virtual Firewall Service?

Yes, both vendors (Palo Alto and Fortinet) provide 60-day evaluation licenses.

 

Are there plans to employ any other firewall solutions?

Cybera staff are currently investigating open-source options, which should further reduce costs for member organizations.

 

Where do I find information on the capabilities supported by each firewall?

Interested organizations should contact the firewall vendor to confirm capabilities and limitations. While Cybera does not act as an agent or reseller of any firewall brands, we are always happy to share our product experiences. 

 

How do I select the right firewall for the needs of my organization?

The firewall vendor will give a detailed overview of the capabilities of each firewall size and will provide a recommendation for the firewall that best suits your needs. Cybera can also provide advice and general guidelines based on our experience implementing virtual firewalls with other organizations, as well as on your traffic requirements and projected growth. 

 

What is required to connect to the Virtual Firewall Service? 

The exact details will need to be determined for each individual organization. Essentially, participants divert their schools’ network traffic through the dedicated firewall, which is hosted on a virtual machine in Cybera’s Rapid Access Cloud. For more details on the steps required to join, please contact firewall@cybera.ca.

 

How much does the Virtual Firewall Service cost?

Depending on the virtual machine of choice, the cost to join the Virtual Firewall Service ranges from $3,800 to $4,800 per year. This does not include applicable taxes and the cost to purchase the virtual machine from the vendors. See here for more details.

 

Where is the Virtual Firewall Service hosted?

The Virtual Firewall Service is hosted on dedicated nodes on Cybera’s Rapid Access Cloud.

To activate your virtual firewall, you will need to open a (free) account on our Rapid Access Cloud, which offers local data storage, Calgary / Edmonton locations, and failover. 

 

Can Cybera manage my firewall?

The Virtual Firewall Service is intended as a self-managed service. Cybera's role is to build and maintain the cloud environment for hosting the virtual firewall. Member organizations are still responsible for the configuration and management of their firewalls, just not the maintenance of the physical infrastructure. As such, members are free to obtain third-party services to manage their firewall just as they could if they owned a hardware firewall at their location.

 

What happens if another school division needs to reboot their firewall?

Nothing. Each firewall virtual machine is hosted in its own private environment on dedicated nodes within the Rapid Access Cloud. If you need to upgrade the software or make configuration changes to your virtual machine, this work can be done during a maintenance window that is convenient to you, and without the need to coordinate with, or impact, other member organizations.

 

My organization is a Virtual Firewall Service member, and we cannot reach our virtual firewall. Whom should we contact?

Please check Cybera’s Network Status page to verify the operational status of the network. If the management interface is not reachable or available, members should contact Cybera at 403-536-0880 or by email at noc@cybera.ca.

For general firewall configuration questions and related issues, Virtual Firewall Service members should contact their vendor. 

 

How do I receive communications regarding planned maintenance on the infrastructure and/or outages?

Cybera will communicate with members regarding outages, alerts, and reminders via Revere, our network alert service. You will be added to Revere at the time of onboarding. We strongly encourage members to keep their contact information up to date on Revere. If you would like any additional persons to be alerted about potential network events, please follow the instructions contained within Revere.

 

Where can I monitor the performance of the firewall?

The firewall vendor’s performance facilities are available to view within the firewall user interface. 

 

Can I purchase internet from a third party?

Unfortunately, no. As the Virtual Firewall Service is hosted centrally, near Cybera’s core router on the Rapid Access Cloud, members need to purchase their internet from Cybera (see Internet Buying Group for more information).

A side benefit of the Virtual Firewall Service is that each individual school/campus can be connected directly to the network, removing the need for a traditional head end and hair-pinning traffic. This results in a more resilient architecture and may lower SuperNet costs.  

 

Is the regional switchover automatic?

Cybera’s Rapid Access Cloud consists of two geographically distinct regions, hosted in Calgary and Edmonton. Currently, the switchover from one region to another is not automatic. Should it become necessary to move your instance, Cybera will contact you to initiate the procedure. See here for more details.

 

We want to use a different vendor product. What is required to do that?

The Virtual Firewall Service currently supports Palo Alto and Fortinet firewall solutions. While we are looking into open-source options, we are also open to suggestions by members, and would be willing to investigate alternatives for future incorporation into the service. Please share your suggestions for firewall solutions with us at firewall@cybera.ca.

 

How can we change the size of our firewall?

Contact your firewall vendor to inquire about an upgrade path. 

It is also important to consider the hosting environment at Cybera, as our Rapid Access Cloud can currently host three sizes of firewall, for both Fortinet and Palo Alto.

 

For more information, please contact firewall@cybera.ca.