Overview
Pitt Information Technology has completed its initiative to replace the University’s enterprise network firewalls ― used in all departments to protect data and devices connected to PittNet ― with next-generation Palo Alto firewalls in summer 2023. The University’s previous enterprise firewall solution was nearing the end of its hardware lifecycle and would no longer receive vendor support or essential security updates. The firewall upgrade provides advanced data security and enhanced protection against viruses, spyware, and application vulnerabilities.
As part of the firewall upgrade, PittNet VPN (virtual private network) is now required for:
- General internet access from wired connections on the Pittsburgh campus (for example, websites and email)
- Access to restricted Pitt resources from wired or Wi-Fi connections at any location (for example, file servers, research resources, and departmental applications
In the past, PittNet Wired users did not have to verify their identity via credentials the way that PittNet Wi-Fi users did. Because the new PittNet VPN service verifies the identity of PittNet Wired users, it enhances security for every member of the Pitt community.
Detail
Security Benefits
Palo Alto firewalls provide many enhanced security features, including the following:
- Robust network malware protection that quickly identifies new malware and automatically generates protective measures
- Intrusion Prevention System (IPS) protection that blocks unwanted applications and scans user-specified applications to identify potential vulnerabilities
- Enhanced application security and DNS threat protection
- Identity-based security policies that provide more control over security measures
- Increased campus network security via Private IP addressing and Active/Active redundant firewall configurations
Take Action
- Individuals and departments should ensure the PittNet VPN (virtual private network) client, available via the Software Download Service (software.pitt.edu), is installed on all individual workstations.
- Departments should have enabled DHCP addressing, rather than static IP addresses, prior to their migration to ensure a smooth transition.
- Departments with devices that cannot support DHCP will need to assign those devices a new static IP address/IP reservation. Note: Servers should not be set to DHCP.
- Request support if you need assistance configuring DHCP, setting new static IP addresses, or distributing the GlobalProtect client to your workstations. We are here to help.
When Is Connection via the PittNet VPN Service Required?
| Scenario |
PittNet Wired |
PittNet Wi-Fi |
Non-PittNet Wired or Wi-Fi |
| General internet access from Pittsburgh campus |
Required |
Not required |
Not required |
| General internet access from home or non-Pitt location |
N/A |
N/A |
Not required |
| Access to restricted Pitt resources from any location |
Required |
Required |
Required |
- General internet access includes websites and email.
- Restricted Pitt resources include file servers, research resources, and departmental servers and applications.
Frequently Asked Questions
Why is the PittNet VPN client now required for on-campus workstations?
The client plays an essential role in enhancing the security of the University’s enterprise network firewalls by:
- Enabling the verification of your identity
- Ensuring your device meets the security requirements to access the network
Requiring the client protects you and your data as well as the University’s network.
Help is Always Available
Please contact the Technology Help Desk at any time if you have questions or need assistance preparing for the enterprise network firewall migration.