
Firewall Change Request Process

This article explains the process for requesting a firewall change.

  • All requests must use the online form at the ITS Self-Service Portal. The request must be as detailed and complete as possible.
  • The Firewall Engineer may send tickets to the ITS Security team for review if the request has a broad scope or presents a potential security risk.

Service Types

  1. Problem Resolution/Service Restoration
    • Problem requests are those made under direction of a Problem Manager in the course of managing the resolution of a problem, or identified as such by the Information Security Officer.
    • Urgent problem requests will be processed before other firewall change requests and will be implemented either as soon as possible or during a change window, as determined by CAB.
  2. Routine Changes
    • Routine changes as approved by CAB (draft summary below, pending CAB approval).
  3. Project Related/Other Changes
    • CAB approval required, including out-of-cycle changes.

| Change type | Lead time | Change window |
|---|---|---|
| Problem Resolution | As required | ASAP |
| Routine | 3-5 business days | Tuesday or Thursday change window |
| All other | 15 business days, including CAB and IT Security approvals (note: the scope of the change could cause delays in this process) | Thursday window |

Firewall Request Process Overview

| Change Title | Description |
|---|---|
| Firewall - Create VLAN Interface | Creating a new VLAN interface |
| Firewall - Create Security Zone | Creating a new security zone |
| Firewall - Simple Policy Change | Simple addition to an existing firewall policy. An example would be the addition of an IP address or a well-known or easily verifiable port to the firewall policy or policy group. Involves no more than two firewalls, four or fewer security zones, ten or fewer hosts (with the requested change being the same for all hosts involved), and six or fewer ports and/or applications. |
| Firewall - Creation of Policies | Creation of a new security policy that does not require a security review and involves at most two firewalls, four or fewer security zones, ten or fewer hosts (with the requested change being the same for all hosts involved), and six or fewer ports and/or applications. |
| Firewall - Addition of Routes | Implementation of a static route on the firewall to allow VLANs not directly attached to the firewall to be reachable |
| Firewall - Addition of NAT | Creation of network address translations on the firewall for new hosts or hosts without current address translations |




Keywords: security, safety, cab
Doc ID: 24036
Owner: Dave J.
Group: University of Chicago
Created: 2012-04-26 10:49 CDT
Updated: 2017-03-27 12:44 CDT
Sites:University of Chicago, University of Chicago - Sandbox