
Firewall Exception Request

This form is for requesting new firewall exceptions.  For directions on how to request a renewal, expiration, or other change to an existing request, see this page.

The Firewall Exception Request form is used to collect all the information required to meet the University of Georgia's network security measures. The University of Georgia employs various security measures that prescribe the nature of the traffic permitted, including a default "deny all" policy for all incoming traffic. Any incoming traffic not explicitly requested and approved may be prevented from accessing the University network. In order to facilitate the needs of the University, certain exceptions must be requested to allow access to protected resources.

It is important that EITS be presented with all necessary information for each request in order to perform adequate risk analyses and grant access. Any Firewall Change Requests that are not viable can be brought up for appeal with the University Information Security Officer.

Requests allow units to establish specific rules based on the function of the network.  These exception requests may be submitted by DNLs.

 


Firewall Exception Request Examples

 

Single Exception - Departmental Web Server

In this example, the requester wants a departmental HTTP Web Server to be reachable from one or more IP addresses on the Internet.

  • Both Edge and Departmental firewalls have been checked on the Firewall Exception Request form to accommodate this traffic.
  • The IP assigned to the HTTP Web Server is specified as 128.192.6.10.
  • IP restrictions (available to any/all IPs), action, and direction have been selected.
  • The departmental server does not contain or process sensitive data.

Single Exception - Departmental Web Server

| Request Type(s) | Inside IP Address or Range | Service Group(s) | Outside IP Address or Range | Action | Direction | Sensitive Data |
|---|---|---|---|---|---|---|
| Edge, Departmental | 128.192.6.10 | HTTP Web Server (port 80) | any * | Permit * | Toward Inside IP * | (No) |

 

Single Exception - Departmental Web Server in the BDC

In the example below, the requester wants a departmental HTTP Web Server in the BDC, located at 128.192.1.10, to be able to send data to, and receive data from, the Internet.

  • Both Edge and Departmental firewalls have been checked on the Firewall Exception Request form to accommodate this traffic.
  • The IP assigned to the server is specified as 128.192.1.10.
  • IP restrictions (available to all IPs), action, and direction have been selected.
  • The BDC server does not contain or process sensitive data.

Single Exception - Departmental Web Server in BDC

| Request Type(s) | Inside IP Address or Range | Service Group(s) | Outside IP Address or Range | Action | Direction | Sensitive Data |
|---|---|---|---|---|---|---|
| Edge, BDC | 128.192.1.10 | HTTP Web Server (port 80) | any * | Permit * | Bidirectional * | Yes |

 

Range Exception - Departmental Web Server Cluster

In the example below, the requester wants a departmental web server cluster that provides both HTTP service and HTTPS service to be reachable from one or more IP addresses on the Internet.

  • Both Edge and Departmental firewalls have been checked on the Firewall Exception Request form to accommodate this traffic.
  • The IPs assigned to the cluster are 128.192.7.10 - 128.192.7.20 (or 128.192.7.128/25). The IP range has been specified using a hyphen (-).
  • IP restrictions (available to all IPs), action, and direction have been selected.
  • The specified server cluster does not contain or process sensitive data.

Range Exception - Departmental Web Server Cluster

| Request Type(s) | Inside IP Address or Range | Service Group(s) | Outside IP Address or Range | Action | Direction | Sensitive Data |
|---|---|---|---|---|---|---|
| Edge, Departmental | 128.192.7.10 - 128.192.7.20 or 128.192.7.128/25 | HTTP Web Server (port 80), HTTPS Web Server (port 443) | any * | Permit * | Toward Inside IP * | (No) |
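
An added example (not part of the original form or any EITS tooling): a Python pre-check that parses an Inside IP Address or Range value in either hyphen or CIDR notation and reports exactly which addresses the exception would open. The function names are assumptions for illustration; a hyphen range and a CIDR block describe the same exception only when they cover the same addresses, so compare them before submitting.

```python
import ipaddress


def parse_inside_range(text):
    """Return (first, last) addresses for a single IP, 'a - b' range, or CIDR block."""
    text = text.strip()
    if "-" in text:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {text}")
        return lo, hi
    # strict=True rejects a CIDR with host bits set, e.g. 128.192.7.10/25
    net = ipaddress.IPv4Network(text, strict=True)
    return net.network_address, net.broadcast_address


def address_count(text):
    """Number of inside addresses the exception would cover."""
    lo, hi = parse_inside_range(text)
    return int(hi) - int(lo) + 1


def minimal_cidrs(text):
    """Smallest set of CIDR blocks covering exactly the requested addresses."""
    lo, hi = parse_inside_range(text)
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]


def same_addresses(a, b):
    """True only if both notations cover exactly the same addresses."""
    return parse_inside_range(a) == parse_inside_range(b)


if __name__ == "__main__":
    # Values taken from the examples on this page.
    for value in ("128.192.6.10",
                  "128.192.7.10 - 128.192.7.20",
                  "128.192.7.128/25"):
        print(f"{value}: {address_count(value)} address(es), {minimal_cidrs(value)}")
    print("same set:", same_addresses("128.192.7.10 - 128.192.7.20",
                                      "128.192.7.128/25"))
```
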

 

Multiple Exceptions - Multiple Departmental and BDC Servers

In the example below, the requester wants the Departmental server that provides both HTTP service and HTTPS service to be able to send data to the Internet, the BDC server that provides SMTP service to both send data to and receive data from the Internet, and the BDC Departmental server that provides SSH service to send data to the Internet.

  • BDC, Edge and Departmental firewalls have been checked on the Firewall Exception Request form to accommodate this traffic.
  • Multiple IP ranges have been specified for the servers, using accepted notation.
  • IP restrictions (available to all IPs), action, and direction have been selected.
  • None of the servers processes or stores sensitive data.

Multiple Exceptions - Multiple Departmental and BDC Servers

| Request Type(s) | Inside IP Address or Range | Service Group(s) | Outside IP Address or Range | Action | Direction | Sensitive Data |
|---|---|---|---|---|---|---|
| Edge, Departmental | 128.192.7.10 - 128.192.7.13 | HTTP Web Server (port 80), HTTPS Web Server (port 443) | any * | Permit * | Toward Inside IP * | (No) |
| Edge, BDC | 128.192.7.55 | SMTP (port 225) | any * | Permit * | Bidirectional * | (No) |
| BDC, Departmental | 128.192.7.128/25 | SSH service (port 22) | any * | Permit * | Toward Inside IP * | (No) |