Home > Services > Security > Firewall

Firewall

Firewall

The UCT Perimeter Firewall improves campus network security and effectively manages internet bandwidth usage. While the firewall allows access to most internet sites, it protects the UCT network by preventing users from connecting to sites that have known security vulnerabilities. If you manage a service that requires special firewall access, ask ICTS to create a firewall rule for you.

 

Are you affected by the firewall?

You will be affected by UCT’s firewall under these circumstances:

  • Inbound traffic:
    You manage a service that offers access from the Internet into UCT e.g. an email server, web server, database server, etc.

  • Outbound traffic:
    You access services that are hosted outside of UCT which use ports that have been explicitly denied. (See: Currently blocked ports on the UCT perimeter firewall)

What to do if you are affected by the firewall

You will need to log a call to have a firewall rule created.

Before you log the call ...

  • Write a short motivation explaining why you need a firewall rule to be added, modified or deleted.
  • Be sure to include the following information in your motivation for each internal (UCT) computer or server for which you need the rule:
    • Port number
    • MAC address and current IP number
    • IP source address of the service for which you need to add, modify or delete a rule
  • Send the motivation to your Head of Department (HOD) to ask for approval.

Once your HOD has approved your request...

  • Log a call for the particular type of firewall rule that you require. Ensure that you provide all the information that is requested on the form.

 

NOTE: There are 3 types of firewall you could log calls for:
 
  • Firewall – Inbound:
    This rule allows people outside UCT's network to access a service on UCT's network.

  • Firewall - Outbound Exceptions:
    This rule allows a single machine on UCT's network to access a service outside of UCT's network. This type of rule will only apply to ports that are blocked. (See: Currently blocked ports on the UCT perimeter firewall)

  • Firewall - Site Exceptions:
    This rule allows everyone on UCT's network to access a specific service outside of UCT's network.

 

How to log a call for a firewall rule

  1. Log on to https://uct.service-now.com/ess/ using your UCT username and password.
  2. In the Service Management suite:
    • Select Security > Firewall.
    • Select the most appropriate of the firewall call type from the 3 types described above.
    • Fill in the appropriate form and click Submit.
  3. Your request has now been logged with the IT Helpdesk.

NOTE: Your firewall rules will be valid for 2 years after which time you will receive a reminder from ICTS asking whether you wish to keep your rules in place or delete them.