Firewall - FAQ

Last Updated: 05/23/2013

General FAQ

Do I need an exception if my department works with a vendor that connects to our file server?

While some remote management can be accomplished via Web or SSH often remote management is accomplished though software such as Microsoft Remote Desktop. Remote access software such as Remote Desktop requires an exception.  These exceptions will typically be scoped to the vendor.

Do you have a list of pre-existing SMTP servers?

No. If you need information about accepted SMTP servers, contact the IT Service Center.

How does one request an exception?

Requests for exception can be made using an online form.

The CU-Boulder IdentiKey that is used to login will be identified as the technical contact for the certificate. All updates and renewal notifications from the IT Security Office will be directed towards this contact.

How does the border firewall affect video conferencing and chat?

It depends largely on the software or hardware you are using for video conferencing.  If you use an intermediate server (such as with Yahoo, MSN, Netmeeting, etc.), then you should not be impacted by the change.  If video conference participants must connect directly to the IP address of your computer or video conference bridge, you should the IT Service Center to arrange an exception to allow traffic to your system.

Is this the firewall that will be put around other servers or is there another firewall coming?

OIT will be implementing additional firewalls within the network to protect private data servers.

Why is there more than one firewall?

The firewall is deployed in pairs for high availability.  If one should fail, the other will take over for the failed system.

Why is this necessary?

On August 7, 2006, the campus border firewall went live adding a critical layer of protection to networked computer devices. Historically the campus network has been what is commonly called an "open" network. This means that by default all traffic was allowed in from the Internet to ANY system on the campus network (including desktops or laptops on wireless). As a first step, the firewall implementation placed all computing devices in one of two zones based on the local need for inbound academic or business traffic.  That step significantly reduced the number of network related security incidents on campus.  The change to further restrict SSH, Web, and other allowed protocols is in response to increased attacks targeting these types of services.

Will connecting via Windows Remote Desktop be affected by the firewall?

Yes. You will need to use CU-Boulder's VPN (Virtual Private Network) to use Windows Remote Desktop. For more information about VPN, including software downloads and setup instructions, visit OIT's Virtual Private Network (VPN) web site.

Will there be a cost involved with changes?

There will not be a charge for those who require an exception to allow traffic to their systems.