Campus Firewalls

DotCIO Information Technologies Infrastructure department implements perimeter campus firewalls which improves overall performance of offnet connectivity and provides further protection against Internet worms and viruses.

Under the firewall policy, unless otherwise specified, generally all outbound connections are allowed and all inbound connections are denied.  Some ports, associated with well known exploits, may be blocked for outbound access.  All connections, permitted and denied, are logged, mainly for troubleshooting purposes.  Access to off campus DNS servers is also denied.

Exceptions for servers, granting inbound access, will be granted on a case-by-case basis. Please refer to the instructions below for information on requesting firewall changes.

Before You Request a Firewall Change.....

Please keep the following guidelines in mind before you submit a request for a firewall change.

  • Rensselaer students who are on ResNet and who have obtained a static IP address may submit a request to run a personal web server (TCP port 80). No other inbound services will be allowed through the firewall, and no other change requests will be accepted for ResNET.
  • If the requested service is to be provided to Rensselaer community members such as faculty, staff, and students, please instruct users to use the VPN service rather than requesting firewall modification. (Note that the VPN service requires an RCS account, but guest accounts can be sponsored for non-RPI members. Such accounts may also be more appropriate than general firewall changes.
  • Firewall change requests will only be considered if they are from a faculty or staff member (with the exception of port 80 to a ResNet IP address, as noted above). Students requesting services should find the appropriate faculty or staff sponsor to submit the request.

Submitting a Firewall Change Request

Complete the firewall change request form. You will need to include the following information:

  • IP address of server - must be a static IP address registered in Rensselaer's DNS
  • MAC address of server
  • Physical location of server (building and room number)
  • Name and contact information for primary and secondary server administrators
  • Description of service to be provided
  • Application protocol (TCP, UDP, other), port number(s)
  • IP address(es) or range(s) of external sites needing access

Requests will be answered within three business days. However, please note that some requests may require sign-off approval from additional personnel in your department.

The server may be scanned for vulnerabilities as part of the request process. Periodic scans may be also performed to ensure servers are maintained following industry best practices. Any servers that fail to stay current may have their firewall changes revoked.