Firewall Template Rules
Traffic Inbound to the Firewall
| From | To | Ports | Description |
|---|---|---|---|
| iso-secops-windows-pbh | destination_host | tisl_lout | Personal Bastion LightsOut |
| as-idg-nagios-monitoring | destination_host | icmp, ping | Ping |
| as-idg-nagios-monitoring | destination_host | tisl_https | Web Services |
Traffic Outbound from the Firewall
| From | To | Ports | Description |
|---|---|---|---|
| source_host | as-idg-nagios-monitoring | ICMP,Ping | Outbound Ping |
| source_host | as-idg-nagios-monitoring | tisl_https | Outbound Web Services |
| source_host | iso-secops-windows-pbh | Any | Any to Personal Bastion |
| source_host | g_su_dns_servers | g_dns | Campus (anycast) DNS services |
| source_host | g_su_dhcp_servers | DHCP | Campus DHCP services |
Address, Service & Object Definitions
| Object / Group | Members |
|---|---|
Address & Address Groups |
|
| iso-secops-windows-pbh | 171.67.47.160/28 |
| as-idg-nagios-monitoring | 171.67.217.114 171.67.217.115 |
Service & Service Groups |
|
| tisl_lout | TCP:22, 80, 443, 3668, 5900-5901 | UDP:623 |
| tisl_https | TCP:443 |
Roles
Template Owner
Responsible for determining, maintaining and modifying the template rules and membership of the different server groups. The application owner is notified regarding any changes to the template.
Current Template Owners
- Ping Wei
- Stacy Lee
- Jeremy Tavan
- Adam Todd
- Todd Boyen
System Administrators
Request rule approval from the application owner.
ISO Security
The ISO group will audit the rules and make recommendations as needed or upon request from either the System Administrators or the Application Owners. In addition, any changes to this template must be reviewed by ISO prior to implementation.
