Firewall Rule Request Process

Firewall Rule Requests

  • While anyone with a SUNet ID can submit a firewall rule request, only the designated Application Owners or Rule Approvers (as appears in the Approver options field) can approve requests submitted for a firewall project.
  • If the rule request is for sources and services that match the default template in use by your ruleset, the request can be completed via NetDB Automation.
  • Rule Request Process:
    • Please identify the following access information for your firewall rule:
      • Type - Add (a new) or Remove (an existing) rule.
      • Action - Two primary actions are available: "permit", which explicitly allows a service through on a particular port, or "deny", which explicitly blocks traffic.
      • Source host - Represented as an IP address or the DNS name of the host.  These are the hosts external to your network for which you wish to authorize access to your resources.
      • Destination host - Represented as an IP address or the DNS name of the host.  These are the resources on your network such as web servers, mail servers, etc.
      • Port (Service) - Represented as the uniquely identified port number (80) or well-known name (http).  A port represents an endpoint or "channel" for network communications. Port numbers allow different applications on the same computer to utilize network resources without interfering with each other.   
      • Protocol - Depending on the port or service requested, the option is TCP, UDP, both or ICMP.
      • Comments - Use this text box to supply additional information for the Firewall Team, the selected Approver or individuals included ("Other Email" field) on the request form.
    • Upon submission of the request form, an email copy will be sent to the Firewall Team, you, the selected Approver, and any additional individuals included in the "Other Email" field.
    • Once the selected Approver replies-all to the request email and "Approves" the request, the Firewall Team will begin processing the request.  Note that if the requester is also the designated Approver of the project for which the request was submitted, explicit "Approval" is unnecessary.
    • The request will be completed within 1 business day of the Firewall Team receiving approval, provided that no additional clarifications are needed.  Note that requests containing 10 or more rules may require additional processing time.
    • Once the firewall rule request has been processed, the Firewall Team will reply to all parties with a "Complete" confirmation email.  Note that upon receipt of this completion email, your requested rules are active on the respective firewalls.

The following is an example of a firewall rule request:

 

Last modified December 9, 2015