Firewalls & Virtual Private Networks

MSU Information Technology protects data transferred over the MSU network by assessing, installing, and configuring security devices, such as firewalls and intrusion detection and prevention (IDP) systems, and investigating security incidents.

Firewall Design and Operation

MSU IT works with customers to design and implement network firewalls. This includes working with customers to determine their needs and design firewall zones to complement those needs.

Campus departments and units can utilize the expertise of MSU IT to minimize the time and cost of firewall implementation regardless of who implements the design.

MSU IT can also oversee the operation of network firewalls, including the configuration and troubleshooting.

The firewall operation service also provides changes to firewall rulesets, software/firewall upgrades, IPS signature upgrades, and device management. Troubleshooting includes a detailed analysis of traffic flows and packet captures to help determine necessary firewall ruleset updates.

A virtual private network is also an option when it comes to virtual networking.

Virtual Private Networks (VPN)

Also known as Campus VPN, MSU secure remote access, or F5 BIG-IP Edge, this service provides the MSU community to securely connect to the MSU campus network. This VPN connection works from any location, whether in East Lansing or anywhere around the world.

Faculty, staff, retirees, trustees, and students can access and download the new Campus VPN (F5 BIG-IP Edge Client) using their MSU NetID at vpn.msu.edu.

An MSU VPN override may be requested by a sponsoring faculty or staff member for VPN access for temporary/on-call employees, vendors, affiliates, and other NetIDs associated with university business.

Learn How to download F5 Campus VPN

When is it necessary to connect to Campus VPN?

Not everyone will need to connect to Campus VPN.

To determine if you need to connect:

  1. Test your application without the VPN.
  2. If your application does not work, connect to the VPN and test again.
  3. If it still doesn’t work, contact the IT Service Desk at (517) 432-6200 or visit ithelp.msu.edu.

The following list of examples will help you determine whether or not to use the VPN:

  • Never required for:
    • External MSU and college websites
    • Avaya IX SIP
    • Spartan 365
    • Zoom
    • Microsoft Teams
    • EBS
    • Athena EMR
  • Always required for:
    • MSU E-Data Warehouse
    • MSU FileShare
    • Mainframe SIS
  • Always required (MSU IT):
    • In general, if you work for MSU IT and access things in the Data Center, you will likely need the Campus VPN to work remotely
    • SEP Management Console
    • Quest Active Roles
    • SolarWinds

Requesting access to the VPN

If you are unable to connect to Campus VPN, you can file an eARM to request access.

  1. Go to go.msu.edu/access-requests
  2. Check VPN towards the bottom of the list
  3. Click Next
  4. In the text field, begin typing the last name of the user requesting access
  5. Click Add
  6. Click Next
  7. Choose Add for the Base option (this applies to most users; if not, read the descriptions for more information)
  8. Enter the business need in the Comments section
  9. Click Save
  10. If the information is correct, click Submit All Requests

More information on VPN access can be found within MSU IT’s TeamDynamix Knowledge Base.

Discrete Point-to-Point VPN

MSU IT can consult with MSU departments on whether a local discrete point-to-point VPN may also be needed as part of a unit’s local network needs. A VPN can span physical locations on campus so employees in several different buildings can still be part of one network. A virtual firewall is also an option when it comes to virtual networking.