Firewall Maintenance

To request changes to existing firewalls, use the Firewall Change Request Form. A change request requires the following information:

  • Source
  • Destination
  • Protocol
  • Port(s)

Firewall maintenance (e.g., additions, modifications, and deletions of firewall rules) is performed between 5 a.m. and 8 a.m., Monday through Friday, by ITS Network Security Operations staff.

Mandatory maintenance windows are established to ensure the availability of ITS services. This change is an industry best practice and is consistent with many other large universities and major industries. Over time, ITS intends to develop automation techniques that will enable carefully orchestrated business day changes.

Important: All ITS staff who have requested a firewall change should be online between 5 a.m. and 8 a.m. on the scheduled maintenance date to actively test the firewall changes. Exceptions to this rule will require formal approval. Review the exception process for ITS and Unit IT firewall changes.

Process

To assist units in their firewall requests, the ITS Network Security Operations team (ITS-UMnet) will:

  • Assign staff members between 5 a.m. and 8 a.m. each business day to execute planned changes.
  • Schedule time to partner with Unit IT staff on requested changes to iterate and test during the daily 5 a.m. to 8 a.m. maintenance window. Please note: if units choose to test during business hours, all requested modifications are executed during the maintenance window on the following business day.
  • Use business hours to plan for the next business day’s firewall changes and work with Unit IT and ITS firewall partners as needed.

Notes:

  • The cutoff for submitting firewall requests to be completed on the next business day is 3 p.m.
  • ITS Network Security Operations staff develops standard documentation for requested unit firewall changes and rules. They document the plan and share it with Unit IT partners to confirm all requirements and rules are accurately captured. This documentation should decrease the potential for error and minimize the need for testing and iterating.