Skip to content Skip to site navigation

Network Access Control (SUNAC)

A secure way to access firewalled resources

Important information for Workgroup Manager Administrators

Access to firewall documentation and to firewalled systems via SUNAC is granted through Workgroup Manager.  Workgroup administrators are responsible for keeping workgroups up-to-date, making sure to include only those staff who need access to the protected data. Workgroup administrators should remove staff from the appropriate workgroups upon termination of service from the University, when staff relocate to other positions, or when access is no longer required in order to perform a job.

The Stanford University Network Access Control (SUNAC) service enables restricting University firewalled network resources to specific SUNet ID(s) within a workgroup. For individuals working remotely, this is a more secure method to access firewalled resources that should not be reachable by the general University population.


The SUNAC service allows LNAs or application owners to further restrict remote access to academic or administrative resources located behind University IT-managed firewalls. Using Workgroup Manager, access can be limited to specific faculty, staff, or students with a SUNet ID.

SUNAC is available to any academic or administrative group using the University IT-managed firewall service. This includes planning, implementation, and all on-going support costs.  SUNAC enabled firewall rules will be reflected in the corresponding firewall documentation pages.

Designed for

Current faculty, staff, and students; schools and departments


  • Departmental resources must be located behind a University IT-managed firewall.
  • End users need a SUNet ID and password.
  • End users must be a member of a workgroup that has been granted access to the protected resources.

Data security

May be used to transmit Low, Moderate, and High-Risk Data, as defined by the Information Security Office.


Free of charge


Get started

  • Administrators or departmental LNAs wishing to secure their data assets with SUNAC should submit Firewall Service Requests to add workgroups and apply those workgroups to existing firewall policies or create new policies to include workgroup restrictions. Network engineers can assist with crafting rules to ensure that your information is made available to only those who need it
  • End users can use their existing VPN client to access resources through SUNAC.  End users who are unable to access resources should contact their LNA to ensure they have been granted the correct privileges.
  • See Using SUNAC (Stanford Network Access Control) to learn how to log in to the service.

Get help

  • All network systems are monitored 24/7 for performance and component failures. Networking personnel are alerted to failures and will respond to alerts.
  • Normal business hours are Monday through Friday, from 8 a.m. to 5 p.m. No after-hours support is available for the SUNAC service, other than support required to ensure the functionality of the firewalls and associated University IT network devices.
  • Scheduled maintenance windows are Thursday, 4–6 a.m.; Saturday, 5–8 a.m.; and Sunday, 5–8 a.m.

Learn more

See also

Last modified January 31, 2023