Skip to Main Content

NEW Firewall Exception Request Examples

Single Exception - Departmental Web Server

In this example the requester wants a departmental HTTP Web Server to be able to be reached by one or more IP addresses on the Internet.

  • Both Edge and Departmental firewalls have been checked on the Firewall Exception Request form to accommodate this traffic.
  • The IP assigned to the HTTP WebServer is specified as 128.192.6.10.
  • IP restrictions (available to any/all IPs), action, and direction have been selected.
  • The departmental server does not contain or process sensitive data.
Single Exception - Departmental Web Server
Request Type(s) Inside IP Address or Range Service Group(s) Outside IP Address or Range Action Direction Sensitive Data
Edge
Departmental
128.192.6.10 HTTP Web Server (port 80) any * Permit * Toward Inside IP * (No)

Single Exception - Departmental Web Server in the BDC

In the example below, the requester wants a departmental HTTP Web Server in the BDC,located at 128.192.1.10, to be able to send data to, and receive data from, the Internet.

  • Both Edge and Departmental firewalls have been checked on the Firewall Exception Request form to accommodate this traffic.
  • The IPs assigned to the server is specified as 128.192.1.10.
  • IP restrictions (available to all IPs), action, and direction have been selected.
  • The BDC server does not contain or process sensitive data.
Single Exception - Departmental Web Server in BDC
Request Type(s) Inside IP Address or Range Service Group(s) Outside IP Address or Range Action Direction Sensitive Data
Edge
BDC
128.192.1.10 HTTP Web Server (port 80) any * Permit * Bidirectional * Yes

Range Exception - Departmental Web Server Cluster

In the example below, the requester wants a departmental web server cluster that provides both HTTP service and HTTPS service to be able to be reached by one or more IP addresses on the Internet..

  • Both Edge and Departmental firewalls have been checked on the Firewall Exception Request form to accommodate this traffic.
  • The IPs assigned to the cluster are 128.192.7.10 - 128.192.7.20 (or 128.192.7.128/25). Range for IPs have been specified using a hyphen (-).
  • IP restrictions (available to all IPs), action, and direction have been selected.
  • The specified server cluster does not contain or process sensitive data.
Range Exception - Departmental Web Server Cluster
Request Type(s) Inside IP Address or Range Service Group(s) Outside IP Address or Range Action Direction Sensitive Data
Edge
Departmental
128.192.7.10 - 128.192.7.20
or 128.192.7.128/25
HTTP Web Server (port 80), HTTPS Web Server (port 443) any * Permit * Toward Inside IP * (No)

Multiple Exceptions - Multiple Departmental and BDC Servers

In the example below the requester wants the Departmental server that provides both HTTP service and HTTPS service to be able to send data to the Internet, the BDC server that provides STMP service to both send and receive data to the internet and the BDC Departmental server that provides SSH service to send data to the internet.

  • BDC, Edge and Departmental firewalls have been checked on the Firewall Exception Request form to accommodate this traffic.
  • Multiple IP ranges have been specified for the servers, using accepted notation.
  • IP restrictions (available to all IPs), action, and direction have been selected.
  • None of the servers processes or stores sensitive data.
Multiple Exceptions - Multiple Departmental and BDC Servers
Request Type(s) Inside IP Address or Range Service Group(s) Outside IP Address or Range Action Direction Sensitive Data
Edge
Departmental
128.192.7.10 - 128.192.7.13 HTTP Web Server (port 80), HTTPS Web Server (port 443) any * Permit * Toward Inside IP * (No)
Edge
BDC
128.192.7.55 STMP (port 225) any * Permit * Bidirectional * (No)
BDC
Departmental
128.192.7.128/25 SSH service (port 22) any * Permit * Toward Inside IP * (No)