To protect the Campus network from threats on the public Internet, there is a firewall at the boundary between the Campus network and the Internet.
The campus border firewall operates a 'default deny' policy. This means that only traffic that has been specifically permitted is allowed through the firewall. The standard level of service offered to a machine on campus is to have no access through the campus border firewall, any connections to the Internet must go through the campus proxy servers.
Some machines on campus require a direct outgoing connection to the Internet. In the context of the campus border firewall, outgoing access means that the campus machine is acting as a client connecting to an external server, for example an FTP server out on the public Internet. This access is controlled by granting a machine the 'Internet Access' class of service, which may still be known in some places by the legacy term 'JIPS'. Please see the Systems Security and Network Access and Management policy for how to request the 'Internet Access' class of service.
In the context of the campus border firewall, incoming access means a server on campus offering a service to clients out on the public Internet. All services that are accessible from the Internet must be registered with the firewall, the ability to register services in this way has been delegated out to departmental IT staff. If you are setting up a server that needs to be accessible from the Internet, please contact your departmental IT staff who will be able to arrange the appropriate access to be opened up. If your department doesn't have any IT staff, please email the IT Help Desk with the details of the server, including its IP address. Departmental IT staff wishing to become delegated firewall admins should complete and return the below form.
If you have any questions or requests for information regarding the campus border firewall, please contact the IT Help Desk