University IT
CTSC Druva Template Rules
Attention Application Owners & Rule Delegates
The following set of firewall policies, referred to as "Template Rules", are provided for administrators of CXS/CTSC based servers that require a specific set of source hosts/nets and services allowed for administration.
When applying these Template rules, please consider any additional necessary "custom" policies to guarantee the inbound or outbound connectivity that servers will require. Those "custom" policy requests can be made via the Firewall Rule Request form.
Please contact the Firewall Team (firewall-team@lists.stanford.edu) with any questions.
Firewall Template Rules
Traffic Outbound from the Firewall
| From | To | Ports | Description |
|---|---|---|---|
| ANY | g_druva_fs_bk_client AWS US East S3 IPv4_p AWS US West S3 IPv4_p | 443t | HTTPS |
Group Object Definitions
| Group | Members |
|---|---|
| g_druva_fs_bk_client | 3.216.99.144_28_p 13.214.242.176_28_p 18.200.73.16_28_p 34.223.78.64_28_p 34.223.78.96_27_p 54.88.255.237_32_p 54.88.255.238_32_p 54.88.255.239_32_p 54.191.63.224_29_p 54.191.63.232_30_p 54.191.63.236_32_p 54.191.63.237_32_p 54.191.63.238_32_p 54.191.63.239_32_p backup-phoenix.druva.com_p deviceapigw-phoenix.druva.com_p devicemgmt-reverseproxy-dcp.druva.com_p downloads.druva.com_p dprod-devicestore-file.s3.us-east-1.amazonaws.com_p dprod-devicestore-package.s3.us-east-1.amazonaws.com_p druva-us0-devicefile-zqztwnudbwnx5u8j1bx4x6qbq8dmhuse1a-s3ali_p (druva-us0-devicefile-zqztwnudbwnx5u8j1bx4x6qbq8dmhuse1a-s3alias.s3.us-east-1.amazonaws.com) druva-us0-devicepack-mkpuot7uiirhb5wrphs1a9h946aeeuse1b-s3ali_p (druva-us0-devicepack-mkpuot7uiirhb5wrphs1a9h946aeeuse1b-s3alias.s3.us-east-1.amazonaws.com) druvaphn-usw2-oxfxnrq6z6cjd5p7kbmefgzk6d73ausw2a-s3alias.s3.u_p (druvaphn-usw2-oxfxnrq6z6cjd5p7kbmefgzk6d73ausw2a-s3alias.s3.us-west-2.amazonaws.com) dtp-c0-dbs-us-west-1-phoenix.druva.com_p dtp-c0-dbs-us-west-2-phoenix.druva.com_p dtp-c0-us-west-2-phoenix.druva.com_p globalapis.druva.com_p login.druva.com_p phoenix.druva.com_p pub-devicemgmt-devicenotifier-dcp.druva.com_p s3.us-west-2.amazonaws.com_p |
| AWS US East S3 IPv4_p | https://saasedl.paloaltonetworks.com/feeds/aws/us-east/s3/ipv4 |
| AWS US West S3 IPv4_p | https://saasedl.paloaltonetworks.com/feeds/aws/us-west/s3/ipv4 |
Roles
Template Owner
Responsible for determining, maintaining and modifying the template rules and membership of the different server groups. The application owner is notified regarding any changes to the template.
Current Template Owners
- Jai Sharma
System Administrators
Request rule approval from the application owner.
ISO Security
The ISO group will audit the rules and make recommendations as needed or upon request from either the System Administrators or the Application Owners. In addition, any changes to this template must be reviewed by ISO prior to implementation.
