DotCIO Information Technologies Infrastructure department implements perimeter campus firewalls which improves overall performance of offnet connectivity and provides further protection against Internet worms and viruses.
Under the firewall policy, unless otherwise specified, generally all outbound connections are allowed and all inbound connections are denied. Some ports, associated with well known exploits, may be blocked for outbound access. All connections, permitted and denied, are logged, mainly for troubleshooting purposes. Access to off-campus DNS servers is also denied.
Exceptions for servers, granting inbound access, will be granted on a case-by-case basis. Please refer to the instructions below for information on requesting firewall changes.
Before You Request a Firewall Change.....
Please keep the following guidelines in mind before you submit a request for a firewall change.
- If the requested service is to be provided to Rensselaer community members such as faculty, staff, and students, please instruct users to use the VPN service rather than requesting firewall modification. (Note that the VPN service requires an RCS account, but guest accounts can be sponsored for non-RPI members. Such accounts may also be more appropriate than general firewall changes.
- Firewall change requests will only be considered if they are from a faculty or staff member. Students requesting services should find the appropriate faculty or staff sponsor to submit the request.
- The server will be scanned for vulnerabilities as part of the request process. Periodic scans may be also performed to ensure servers are maintained following industry best practices. Any servers that fail to stay current may have their firewall changes revoked.
- Institute owned and managed servers must have endpoint protection software installed.
- Firewall exceptions will be removed after 366 days of inactivity to prevent accidental network exposure. Owners may be contacted after 180 days of inactivity to verify server/service still in place.
- All requests for firewall exceptions for campus web servers are subject to the requirements of Rensselaer's Web Accessibility Policy which is available here - http://policy.rpi.edu/policy/Web_Accessibility_Policy
Questions about the web accessibility policy and conformance should be directed to the help desk.
Submitting a Firewall Change Request
Submit a request and include the following information:
- IP address of server - must be a static IP address registered in Rensselaer's DNS
- MAC address of server
- Physical location of server (building and room number)
- Name and contact information for primary and secondary server administrators
- Description of service to be provided
- Application protocol (TCP, UDP, other), port number(s)
- IP address(es) or range(s) of external sites needing access
Requests will be answered within three business days. However, please note that some requests may require sign-off approval from additional personnel in your department.