CTSC Druva Template Rules

Attention Application Owners & Rule Delegates

The following set of firewall policies, referred to as "Template Rules", are provided for administrators of CXS/CTSC based servers that require a specific set of source hosts/nets and services allowed for administration.

When applying these Template rules, please consider any additional necessary "custom" policies to guarantee the inbound or outbound connectivity that servers will require. Those "custom" policy requests can be made via the Firewall Rule Request form.

Please contact the Firewall Team (firewall-team@lists.stanford.edu) with any questions.

Firewall Template Rules

Traffic Outbound from the Firewall

From	To	Ports	Description
ANY	g_druva_fs_bk_client	443t	HTTPS

Group Object Definitions

Group	Members
g_druva_fs_bk_client	backup-phoenix.druva.com deviceapigw-phoenix.druva.com devicemgmt-reverseproxy-dcp.druva.com druva-us0-devicefile-zqztwnudbwnx5u8j1bx4x6qbq8dmhuse1a-s3alias.s3.us-east-1.amazonaws.com druva-us0-devicepack-mkpuot7uiirhb5wrphs1a9h946aeeuse1b-s3alias.s3.us-east-1.amazonaws.com druvaphn-usw2-oxfxnrq6z6cjd5p7kbmefgzk6d73ausw2a-s3alias.s3.us-west-2.amazonaws.com dtp-c0-us-west-2-phoenix.druva.com globalapis.druva.com login.druva.com phoenix.druva.com pub-devicemgmt-devicenotifier-dcp.druva.com

Group

Members

g_druva_fs_bk_client

backup-phoenix.druva.com
deviceapigw-phoenix.druva.com
devicemgmt-reverseproxy-dcp.druva.com
druva-us0-devicefile-zqztwnudbwnx5u8j1bx4x6qbq8dmhuse1a-s3alias.s3.us-east-1.amazonaws.com
druva-us0-devicepack-mkpuot7uiirhb5wrphs1a9h946aeeuse1b-s3alias.s3.us-east-1.amazonaws.com
druvaphn-usw2-oxfxnrq6z6cjd5p7kbmefgzk6d73ausw2a-s3alias.s3.us-west-2.amazonaws.com
dtp-c0-us-west-2-phoenix.druva.com
globalapis.druva.com
login.druva.com
phoenix.druva.com
pub-devicemgmt-devicenotifier-dcp.druva.com

Roles

Template Owner

Responsible for determining, maintaining and modifying the template rules and membership of the different server groups. The application owner is notified regarding any changes to the template.

Current Template Owners

Jai Sharma

System Administrators

Request rule approval from the application owner.

ISO Security

The ISO group will audit the rules and make recommendations as needed or upon request from either the System Administrators or the Application Owners. In addition, any changes to this template must be reviewed by ISO prior to implementation.