FAQ: Firewall Requests
1. What is Firewall and why we need Firewall Request?
Firewalls protects our NUSNET resources by blocking the unwanted communication and allowing only what is “required” for the application/service.
Firewall by default will deny all the communication unless specifically allowed. With the Firewall Request, we will assess the requirement and allow only the specific communication required for your application or service.
2. What are the Types of Request?
• Addition Request – To add a new firewall rule
• Deletion Request – To delete an existing firewall rule
• Amendment Request – To add/delete an IP or service port from an existing rule / IP group
3. What are Actions defined in the Firewall?
• Permit – To allow a specific source/destination/port combination pass thru the Firewall. Example: To access a new application (NUSWAVE) hosted in serverfarm from NUS user segment
• Deny – To denying a source/destination/port combination by the Firewall. Example: To restrict the new application (NUSWAVE) only to NUS and deny for INTERNET
4. What are the information I need to provide in the Firewall Request?
These are Mandatory information to perform the assessment and accurate implementation of Firewall Rules:
• Source IP / IP group
• Destination IP / IP group
• Protocol
• Port number
• Source Segment (Where the source host is located)
• Destination Segment (Where the destination host is located)
Please refer to the “Read Me” tab in the Firewall Request Template for more explanations and better understanding.
5. Can I request a Temporary Rule?
Yes, you can submit a Temporary rule but the expiry date should be mentioned in the Firewall Request.
6. What is the default expiry date for Temporary Rule?
The expiry date has to be provided by the user based on the requirement. However, the Maximum allowed expiry date would be 3 months from the date of Firewall Rule Implementation.
7. Will I be notified when the Temporary rules are nearing the expiry?
Firewall Rules will be configured with the auto-expiry and it is a sole responsibility of requestor to maintain the record (expiry-date) and submit the extension if required.