Complete this form when one or more hosts need to talk to other hosts but the traffic is not allowed through one of our network firewalls. This covers internal-to-internal, internal-to-external, and external-to-internal requests.
Guidelines:
SA = Source Address(es)
DA = Destination Address(es)
Protocols - Because the firewalls inspect the traffic, it is easier for us to work with protocols than with ports.
Ports - Only use this if the default ports are not available or it is a custom port number.
A Fully Qualified Domain Name (FQDN) must always be used. If an IP range needs to be opened, use the following format: 141.216.4.0/24
Format:
Separate multiple hosts with commas. If opening to the Internet, please state 'Internet.' For ports+protocols, please use a 'port number/protocol' format (e.g. 443/tcp for TLS).
An example request: say you need server1.umflint.edu to start communicating with server2.umflint.edu and server3.umflint.edu, on port 443 over TCP and on port 53 over both UDP and TCP.
This request should look like the following:
SA: server1.umflint.edu
DA: server2.umflint.edu, server3.umflint.edu
Port(s) + Protocol(s): 53/tcp+udp, 443/tcp
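As an added example (not part of the original form or of any tooling behind it), the following Python code checks a request against the format above and expands it into one rule per source/destination/service combination. It assumes that bare IP addresses are rejected in favour of FQDNs or ranges and that only tcp and udp are accepted; the function names are hypothetical.

```python
import ipaddress
import re

# RFC 1123 hostname label: letters, digits, hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_host(token):
    """Normalise one SA/DA entry: 'Internet', an IP range, or an FQDN."""
    token = token.strip().rstrip(".")
    if token.lower() == "internet":
        return "Internet"
    if "/" in token:
        # strict=True rejects ranges with host bits set, e.g. 141.216.4.7/24
        return str(ipaddress.ip_network(token, strict=True))
    labels = token.split(".")
    # Assumption: a numeric last label is a bare IP, refused because an FQDN is required.
    if len(labels) < 2 or labels[-1].isdigit() or not all(map(LABEL.match, labels)):
        raise ValueError(f"{token!r} is not a fully qualified domain name")
    return token.lower()


def parse_services(field):
    """Expand '53/tcp+udp, 443/tcp' into sorted (port, protocol) pairs."""
    pairs = set()
    for item in field.split(","):
        port, _, protos = item.strip().partition("/")
        if not re.fullmatch(r"[0-9]{1,5}", port) or not 1 <= int(port) <= 65535:
            raise ValueError(f"bad port in {item.strip()!r}, expected port/protocol")
        for proto in protos.lower().split("+"):
            if proto not in ("tcp", "udp"):  # assumption: only these two are accepted
                raise ValueError(f"bad protocol {proto!r} in {item.strip()!r}")
            pairs.add((int(port), proto))
    return sorted(pairs)


def parse_request(text):
    """Turn the SA / DA / Port(s) + Protocol(s) lines into one rule per combination."""
    fields = dict(line.split(":", 1) for line in text.strip().splitlines())
    sources = [parse_host(h) for h in fields["SA"].split(",")]
    dests = [parse_host(h) for h in fields["DA"].split(",")]
    services = parse_services(fields["Port(s) + Protocol(s)"])
    return [(s, d, port, proto) for s in sources for d in dests for port, proto in services]


SAMPLE = ("SA: server1.umflint.edu\n"  # constructed: the example request from this page
          "DA: server2.umflint.edu, server3.umflint.edu\n"
          "Port(s) + Protocol(s): 53/tcp+udp, 443/tcp")
if __name__ == "__main__":
    print(*parse_request(SAMPLE), sep="\n")
```

Run on the example request, it yields six rules: three services to each of the two destinations.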
Troubleshooting after the connection is opened:
If you still have connection issues after the ports are opened, please perform any relevant troubleshooting that may rule out the individual host(s) blocking the connections. This includes but is not limited to:
- Verifying the local firewalls also allow this connection, on both hosts.
- Double-checking that both hosts have network connectivity and are pulling the expected IPs (i.e. verify they aren't accidentally on the wireless/VPN, don't have multiple NICs or IPs, etc.)
- Verifying any relevant services that would handle the connection are on and working correctly.
- Running a tcpdump/Wireshark capture on both hosts, to observe the traffic for unexpected or blocked connections. Please provide the capture file as well for more effective troubleshooting.