Skip to main content

Administrative Systems Server Template Rules

Attention Application Owners & Rule Delegates

The following set of firewall policies, referred to as "Template Rules", are provided for administrators of AS owned/managed servers that require a specific set of source hosts/nets and services allowed for administration.

When applying these Template rules, please consider any additional necessary "custom" policies to guarantee the inbound or outbound connectivity that servers will require. Those "custom" policy requests can be made via the Firewall Rule Request form.

Please contact the Firewall Team (firewall-team@lists.stanford.edu) with any questions.

Template Rules 

Traffic Inbound to the Firewall 

From To Ports Description
tasm_em_svrs ANY tasm_em AS EM Services
tasm_scan_svrs ANY ANY AS Security Scanning Services
tasm_bastion_svrs ANY tasm_bastion AS Bastion Services
tasm_infra_svrs ANY tasm_infra AS Infrastructure Services
tasm_manage_svrs ANY tasm_manage AS Management Services
tasm_nagios_svrs ANY tasm_nagios AS Nagios Services

Host Group Object Definitions

Group Members
tasm_em_svrs ciaappg1prd01 | 171.67.5.12
ciaappg1prd02 | 171.67.51.194
tasm_scan_svrs as-qualys-d65 | 171.67.42.130
as-qualys-i27 | 171.67.42.133
tasm_bastion_svrs asinfraprd01 | 171.67.38.8
asinfraprd06 | 171.67.38.9
asinfraprd22 | 171.67.42.199
ascoreinfra01 | 171.67.39.3
jetfire | 171.67.39.14
solitude | 171.67.39.25
tasm_infra_svrs asinfraprd05 | 171.67.42.137
asinfraprd06v | 171.67.39.30
asinfraprd08 | 171.67.42.140
asyumprd01 | 171.67.42.189
asyumprd02 | 171.67.42.219
nwinfraprd04 | 172.20.134.12
ascoreinfra01 | 171.67.39.3
jetfire | 171.67.39.14
tasm_manage_svrs

asinfraprd03 | 171.67.39.2
asinfraprd20 | 171.67.39.8
asinfraprd20 | 171.67.39.18
ascoreinfra06 | 172.20.134.3
tasm_nagios_svrs asinfraprd09 | 171.67.42.148
nagios01 | 171.67.217.115
nagios02 | 171.67.217.114

Service Group Object Definitions

Group Ports
tasm_em tcp: 22
tcp: 1159
tcp: 3872
tcp: 4889
tcp: 7799
tasm_bastion tcp: 22
tasm_infra tcp: 80
tcp: 443
tasm_manage

tcp: 135
tcp: 137
tcp: 139
tcp: 445
tcp: 8192-8194
tcp: 4900-5000
tcp: 3389
tcp: 80
tcp: 2607
tcp: 443
tcp: 22
tcp: 1311
udp: 161-162
tcp: 2701
tasm_nagios

tcp: 5666
tcp: 12489
tcp: 80
tcp: 443
tcp: 4373

Roles

Template Owner

The template owner is responsible for determining, maintaining, and modifying the template rules and membership of the different server groups. The application owner is notified regarding any changes to the template.

Current Template Owners:

  • Armand Capote
  • Stanley Lee
  • Laurie Miller
  • Calvin Hom

Application Owner

Responsible for approving the template rules initially and for requesting the addition of hosts behind the firewall to the "windows_hosts" group.

System Administrators 

Request rule approval from the application owner to put in place the template rules or to apply them to hosts (adding them to the template "windows_hosts" group).

ISO Security

The ISO group will audit the rules and make recommendations as needed or upon request from either the System Administrators or the Application Owners. In addition, any changes to this template must be reviewed by ISO prior to implementation.

 

Last modified