Get Help

Online: Request Help
Phone: (707) 826-4357 • Hours
Walk-In: Library 101 • Hours
Reset HSU Password
System Status

Add or change firewall rule

Printer-friendly version

Add, modify, or remove a firewall ruleset in the Border or Server Farm firewalls.

Impact of Change: 
Test Plan: 

After change, check major web sites from cell phone using carrier data network to verify that ruleset is not corrupted

Communication Plan: 
Low impact, so not typically systatted. Requesting service admins are notified via IFD request process
Implementation Procedure: 

--Palo Alto Firewalls (Border)---
Connect to management IP address via https.
Login with a admin account.
Check if their are any pending changes by viewing the "commit" icon in the top right corner. It will be lit if there are, also you can hover mouse over the icon for the status.
If needed, under Device->Management you can 'revert to running-configuration' to clear the pending changes.
Add, modify, or delete existing rule. Take care to make sure it has a logical location in the order of operations (ie not after a deny all rule)
Once rules are in place, click commit button. You can preview the changes to make sure the only changes match what you did. The commit automatically creates a new version of the config no other steps needed. Test by generating traffic from off campus to a device behind the firewall. (ie VPN service or http to ITS website)

---Juniper Firewalls (Server Farm)---
Connect to Firewall cluster with NSM Software
backup current running config
add new rule in local NSM software
validate rules and check for errors
deploy rules via NSM
test from off campus

Change Approval: 
IFD change process through TNS web site
Production Validation Plan: 

Check main web site functionality from off campus as well as the newly modified rule

Backout Plan: 

revert to backed up rule via NSM software

Not Approved