Indiana University
University Information Technology Services
  

ARCHIVED: Indiana University Data Center Firewall

Note: As of April 2014, this legacy system is no longer in production. See Using Firewall Manager.

Indiana University has two enterprise-class Data Centers: one in Bloomington and one at the ICTC building in Indianapolis. By default, all new network connections are placed behind the firewalls of the Data Centers, which block incoming traffic and allow outbound traffic. To provide necessary access to your host, or to view, change, or delete a firewall policy, visit the UITS Firewall Request Page.

Note: At the beginning of the fall and spring semesters, UITS observes a "change freeze" for approximately two weeks, during which only absolutely necessary changes are made with upper management approval. Keep this in mind when making firewall policy change requests.

Ensuring you're a member of a Firewall Group

Note: If your group already has a Policy ID for the firewall, proceed to Adding, changing, and deleting a firewall policy.

Before submitting a firewall policy request or using the Policy Viewer, you need to be a member of a valid ADS group account. If you do not already have one, ask your IT Pro to create the account and add users.

When accessing the UITS Firewall Request Page, if you are not a member of a Firewall Group, you will see a page titled "Welcome to the UITS Firewall Request Page". Fill out the page and submit the form, completing the following fields:

  • Group name: Typically a three-letter name (e.g., SAV)

  • Friendly name: Full name used to describe your group (e.g., Storage and Virtualization)

  • ADS group: The ADS group account of which you are a member

  • Manager's IU Network ID username: The manager of your group or department will have the ability to add members to the Firewall Group account.

After receiving a confirmation email from Campus Network Engineering stating that the Firewall Group account has been created, you can proceed.

Note: Once your Firewall Group account is created, you will not have to repeat the steps above.


Adding, changing, and deleting a firewall policy

Note: You can belong to multiple Firewall Groups, but only one host per request is permitted.

Before making your firewall policy request, have the following information ready:

  • Source IP address
  • Destination IP address: Your new host
  • Service: Protocol (UDP, TCP or ICMP) and ports (name or number) to which to allow access on the destination host IP

To add, change, or delete a firewall policy:

  1. Go to the UITS Firewall Request Page. You can also access the Policy Viewer on this page.

  2. Click Make Request.

  3. Choose Server or Subnet.

  4. Choose IUB, IUPUI, or PCI-DSS (for IU merchants only).

  5. Choose Add, Change, or Delete.

    If you choose Add, you will then have to specify if the request requires a new piece of physical equipment, data cabling, or an inventory entry. Click Yes or No.

  6. On the resulting page, fill out the fields using the "Formatting Help" box as a guide.

    Note: Restrict access as much as possible. For example, entering "IU Statewide" as the source will allow IU affiliates from all IU campuses to access the site or service.

  7. Click Make Request.

Firewall policy requests are routed to your group manager for approval. You will receive an email from Campus Network Engineering when your firewall policy request has been completed.


Resources

Following are resources you may need on your new host:

  • NETSTAT: A command-line tool for finding out which ports and protocols are in use on your host, if you don't already know

  • TCPVIEW: A Windows GUI utility for mapping services to ports

Note: At the beginning of the fall and spring semesters, UITS observes a "change freeze" for approximately two weeks. During change freeze, only changes that are crucial and accompanied by director-level approval are made. Keep this in mind when making firewall policy change requests.


Examples of common firewall requests

A common request for access to ports http and https (tcp 80 and tcp 443) from an "All IU statewide" host might look like the following:

  • Destination: 123.123.123.123 (firewall.not.iu.edu)

  • Source: All IU statewide

  • Service: tcp 80 and tcp 443 (http and https)

The "Destination" will usually contain a single host address, but could be a subnet range or group in the Data Center.

The "Source" can be as broad as the entire Internet or as narrow as a single IP address, and may be defined as a single host, a group, or a network.

Groups used as destinations must be placed behind the firewall. Some common group ranges are:

  • All IU statewide
  • All IUPUI networks
  • All IUB networks

Networks can also define a source or destination. Networks used as destinations must also be behind the firewall. Common network hosts are:

  • 156.56.12.0/24
  • A single host
  • 129.79.1.1
  • 129.79.1.1
  • 129.79.1.2

Service ports will be tcp, udp, or both. Some service ports can be defined with special timeouts. Common service names may be used, but be sure to include the type and port number:

  • http tcp 80
  • https tcp 443
  • icmp (ping)
  • ssh tcp 22
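
Tying the NETSTAT resource to the service format listed above, the following added example (not part of the original UITS document) turns netstat output into candidate "Service" entries and separates out listeners bound only to loopback, which no firewall policy can expose. It assumes the Linux net-tools `netstat -an` column layout; the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Constructed sample in Linux net-tools `netstat -an` layout (not from a real host).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:514             0.0.0.0:*
"""

# Names from the page's own examples; other ports are reported by number only.
KNOWN_NAMES = {("tcp", 22): "ssh", ("tcp", 80): "http", ("tcp", 443): "https"}

def listening_services(netstat_text):
    """Return (exposed, loopback_only) sets of (proto, port) listeners."""
    exposed, loopback = set(), set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated row
        proto = fields[0][:3]  # fold tcp6/udp6 into tcp/udp
        # TCP listeners carry a LISTEN state; UDP has no state, so use the wildcard peer.
        listening = fields[-1] == "LISTEN" if proto == "tcp" else fields[4].endswith("*")
        addr, _, port = fields[3].rpartition(":")
        if not listening or not port.isdigit():
            continue
        try:
            is_loop = ipaddress.ip_address(addr).is_loopback
        except ValueError:  # "*" or another wildcard notation
            is_loop = False
        (loopback if is_loop else exposed).add((proto, int(port)))
    # A port also bound on a routable address counts as exposed, not loopback-only.
    return exposed, loopback - exposed

def request_lines(services):
    """Format services in the page's 'name proto port' style, sorted by port."""
    out = []
    for proto, port in sorted(services, key=lambda s: (s[1], s[0])):
        name = KNOWN_NAMES.get((proto, port))
        out.append(f"{name} {proto} {port}" if name else f"{proto} {port}")
    return out

if __name__ == "__main__":
    exposed, local = listening_services(SAMPLE_NETSTAT)
    print("Candidate Service entries:", request_lines(exposed))
    print("Loopback only, no policy needed:", request_lines(local))
```

Review each candidate entry before requesting it: a listening port is only a reason to open the firewall if remote clients actually need that service.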


This is document azwj in domain all.
Last modified on April 16, 2014.
