
University Firewall Rule Request Process

Requesting Firewall Rules

The following guidelines and tips are for application owners or rule approval delegates with University firewall service projects:

  • Rule Request Process:
    • Please identify and prepare to provide the following access information for your firewall rule:
      • Type - Add (a new) or Remove (an existing) rule.
      • Action - Two primary actions are available: "permit", which explicitly allows a service through on a particular port, or "deny", which explicitly blocks traffic.
      • Source host - Represented as an IP address or the DNS name of the host.  These are the hosts external to your network for which you wish to authorize access to your resources.
      • Destination host - Represented as an IP address or the DNS name of the host.  These are the resources on your network such as web servers, mail servers, etc.
      • Port (Service) - Represented as the uniquely identified port number (80) or well-known name (http).  A port represents an endpoint or "channel" for network communications. Port numbers allow different applications on the same computer to utilize network resources without interfering with each other.   
      • Protocol - Depending on the port or service requested, the option is TCP, UDP, both or ICMP.
      • Comments - Use this text box to supply additional information for the Firewall Team, the selected Approver or individuals included ("Other Email" field) on the request form.
    • Upon submission of your rule request via the Firewall Service Request form, a SNOW ticket will be generated.  Once this SNOW ticket has been approved by the corresponding Application Owner or Rule Delegate for the (destination) project, the Firewall Team will begin processing the request.  
    • The request will be completed within 1 business day of the Firewall Team receiving the approved SNOW request, provided that there are no additional clarifications needed.  Note that requests containing 10 or more rules may require additional processing time. 
    • Once the firewall rule request has been processed, the Firewall Team will complete and close the SNOW request.

A few additional reminders...

  • Anyone with a SUNet ID can submit a firewall rule request. However, only the designated Application Owners or Rule Delegates (as they appear in the Approver options field) can approve requests submitted for a firewall project.
  • If the rule request is for sources and services that match the default template in use by your ruleset, the request can be completed via NetDB Automation.
Last modified March 10, 2023