ARCHIVED: Indiana University Data Center Firewall

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Note: As of April 2014, this legacy system is no longer in production. See Use the Campus Network Portal (CNP).

Indiana University has two enterprise-class Data Centers: one in Bloomington and one at the ICTC building in Indianapolis. By default, all new network connections are placed behind the firewalls of the Data Centers, which block incoming traffic and allow outbound traffic. To provide necessary access to your host, or to view, change, or delete a firewall policy, visit the UITS Firewall Request Page.

Note: At the beginning of the fall and spring semesters, UITS observes a "change freeze" for approximately two weeks, during which only absolutely necessary changes are made with upper management approval. Keep this in mind when making firewall policy change requests.

Ensuring you're a member of a Firewall Group

Note: If your group already has a Policy ID for the firewall, proceed to Adding, changing, and deleting a firewall policy.

Before submitting a firewall policy request or using the Policy Viewer, you need to be a member of a valid ADS group account. If you do not already have one, ask your IT Pro to create the account and add users.

When accessing the UITS Firewall Request Page, if you are not a member of a Firewall Group, you will see a page titled "Welcome to the UITS Firewall Request Page". Fill out the page and submit the form, completing the following fields:

  • Group name: Typically a three-letter name (e.g., SAV)
  • Friendly name: Full name used to describe your group (e.g., Storage and Virtualization)
  • ADS group: The ADS group account of which you are a member
  • Manager's IU Network ID username: The manager of your group or department will have the ability to add members to the Firewall Group account.

After receiving a confirmation email from Campus Network Engineering stating that the Firewall Group account has been created, you can proceed.

Note: Once your Firewall Group account is created, you will not have to repeat the steps above.

Adding, changing, and deleting a firewall policy

Note: You can belong to multiple Firewall Groups, but only one host per request is permitted.

Before making your firewall policy request, have the following information ready:

  • Source IP address
  • Destination IP address: Your new host
  • Service: Protocol (UDP, TCP or ICMP) and ports (name or number) to which to allow access on the destination host IP

To add, change, or delete a firewall policy:

  1. Go to the UITS Firewall Request Page. You can also access the Policy Viewer on this page.
  2. Click Make Request.
  3. Choose Server or Subnet.
  4. Choose IUB, IUPUI, or PCI-DSS (for IU merchants only).
  5. Choose Add, Change, or Delete.

    If you choose Add, you will then have to specify if the request requires a new piece of physical equipment, data cabling, or an inventory entry. Click Yes or No.

  6. On the resulting page, fill out the fields using the "Formatting Help" box as a guide.

    Note: Restrict access as much as possible. For example, entering "IU Statewide" as the source will allow IU affiliates from all IU campuses to access the site or service.

  7. Click Make Request.

Firewall policy requests are routed to your group manager for approval. You will receive email from Campus Network Engineering when your firewall policy request has been completed.

Following are resources you may need on your new host:

  • NETSTAT: A command-line tool for finding out which ports and protocols are in use on the host
  • TCPVIEW: A Windows GUI utility for mapping services to ports
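
The following is an added example, not part of the original page or any UITS tooling. It parses Linux `netstat -tuln` output and lists the listening sockets in the "name protocol port" form used for the Service field, skipping loopback-only listeners, which cannot be reached from the network and so need no firewall policy. The sample output, function names, and name table are constructed for illustration.

```python
# Constructed sample of `netstat -tuln` output from a Linux host (not from the page).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
"""

# Only the service names the page itself lists; other ports are emitted unnamed.
NAMES = {("tcp", 22): "ssh", ("tcp", 80): "http", ("tcp", 443): "https"}


def listeners(netstat_text):
    """Return sorted (proto, port, reachable) tuples for listening sockets.

    Assumes the -l form of the output, so every udp line is a bound socket.
    """
    found = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        proto = fields[0][:3]  # fold tcp6/udp6 into tcp/udp
        if proto == "tcp" and fields[-1] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        loopback = addr.startswith("127.") or addr == "::1"
        key = (proto, int(port))
        # A port bound on any non-loopback address counts as reachable.
        found[key] = found.get(key, False) or not loopback
    return sorted((p, n, r) for (p, n), r in found.items())


def service_lines(netstat_text):
    """Format network-reachable listeners as candidate Service entries."""
    out = []
    for proto, port, reachable in listeners(netstat_text):
        if not reachable:
            continue  # loopback-only: no firewall policy needed
        name = NAMES.get((proto, port))
        out.append(f"{name} {proto} {port}" if name else f"{proto} {port}")
    return out


if __name__ == "__main__":
    print("\n".join(service_lines(SAMPLE)))
```

The result is a list of candidates to review, not a list to request wholesale: a service that is listening does not necessarily need to be reachable through the firewall.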

Note: At the beginning of the fall and spring semesters, UITS observes a "change freeze" for approximately two weeks. During change freeze, only changes that are crucial and accompanied by director-level approval are made. Keep this in mind when making firewall policy change requests.

Examples of common firewall requests

A common request for access to ports http and https (tcp 80 and tcp 443) from an "All IU statewide" host might look like the following:

  • Destination: (
  • Source: All IU statewide
  • Service: tcp 80 and tcp 443 (http and https)

The "Destination" will usually contain a single host address, but could be a subnet range or group in the Data Center.

The "Source" can be as broad as the entire Internet or as narrow as a single IP address, and may be defined as a single host, a group, or a network.

Groups used as destinations must be placed behind the firewall. Some common group ranges are:

  • All IU statewide
  • All IUPUI networks
  • All IUB networks

Networks can also define a source or destination. Networks used as destinations must also be behind the firewall. Common network hosts are:

  • A single host

Service ports will be tcp, udp, or both. Some service ports can be defined with special timeouts. Common service names may be used, but be sure to include the type and port number:

  • http tcp 80
  • https tcp 443
  • icmp (ping)
  • ssh tcp 22

This is document azwj in the Knowledge Base.
Last modified on 2018-01-18 16:23:09.
