04/12/2020

Firewall – Obligations

Through the completion of the firewall change, emPSN will permit or deny the traffic as outlined within the form or as is required for the application/service at the time of implementation.  Whilst we endeavour towards and strongly advise implementing firewall rules in the least permission access basis where ever possible, it is your information security.  Where we believe the requested rule is too general or broad as stated you will be asked to be more specific.  If you do not understand the implications of the change being requested you are advised to seek guidance from your local IT Manager or IT support partner.

It remains the responsibility of the Site Administrator (or appointed delegate) for the effective operation of the equipment situated within the customer network.  This includes, but is not limited to, ensuring that the devices which access or are accessed from the Internet are hardened, patched, and maintained with appropriate security updates and that access logs are regularly checked to monitor unauthorised access or breach.

emPSN recommends that customers review firewall rules regularly to ensure security is maintained for customer equipment and devices.

Please be realistic about the time table for when you would like the change to be completed.  

  • A standard change would be to set up rules for a new device you are deploying, this has a target SLA of 24hours from the point the change is logged. 
  • A large set of changes will take longer, and the target for completion is 5 working days from the point the change is logged.
  • A request for information/copy of your current configuration and rules will be targetted for completion is up to 5 working days, some configs are extensive hence the target time.
  • Urgent changes can be actioned quicker on the basis acceptable justification is given, we cannot guarantee urgent requests can be treated as such – almost everyone asks for ASAP.  Where changes are urgent please title the change EXPEDITED.

Upon completion of the request, we ask that you conduct testing and request for ticket closure in a timely manner.  Changes will be closed 3 working days after completion unless a customer response is received.

If you have issues with a change once a ticket is closed please create a new change request with Nasstar Change Control – https://nasstar.service-now.com/serviceportal – referencing the original change details (Change References are in the format CHGxxxxxxx, CHG and then a number)

Where an adjustment is required to an in-process change, please do not be offended when asked to raise a further change to achieve the additional requirement.  If your initial change has been implemented on the firewall, we will ask for further adjustments to be raised as additional changes as adjustments need logging, review/triage, built, quality assurance and deployment.

Troubleshooting Changes

Occasionally customers report that firewall changes do not allow the application or service to function as intended.  In these instances we will work with you and your vendor to seek a functional solution, this can take some time to achieve and we ask for some patience while we work through this process.

  1. Please report non-working changes to the change team.
  2. Please check the change request form to ensure you have gathered the correct details and recorded it accurately.  We copy the details you provide and set this up for you.  If you need to update the change form let us know and we will update the rules.  Typos and omissions are the most common source of changes not working.
  3. If service is still not operating as expected, it is practical to perform packet captures, please arrange a time for us to work with you, give the IP address you will be testing from, and make yourself available.  We will observe the traffic to and from the firewall to try and determine why it is failing.  Please work with the Firewall IP security team and they will get you working.
  4. Let us know and we will take a look support@empsn.org.uk 

Useful Links

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners