The following templates will help provide us with all the relevant data needed to make firewall changes.
What should I do with this information?
You could copy and paste the template into an email to fill it out, and then email it to support@n4l.co.nz, or you can click the link below each template, which will open a new email in your preferred mail client, ready to populate with your data.
Firewall Request Guidelines
The required fields should be filled out using the following guidelines:
| Field Name | Description | Example Values |
|---|
| Source Zone | This should be where the traffic is generated from. For example, if a user on the school LAN is sending traffic out to the internet, then the source zone is Inside. |
|
| Source IP | This should be the IP address that the traffic is to come from.
(Note: If traffic is Outgoing (going out to the internet), it can be from ANY IP address on the school LAN) |
- A range e.g.192.168.1.0/24
- An individual address e.g.192.168.1.250
- "Any"
|
| Destination Zone | This is the destination of the traffic being sent from the Source Zone (above).
If a user on the LAN is sending traffic out to the internet, then the destination zone is Internet. |
|
| Destination IP | This is the destination IP address or range of the traffic being sent from the Source IP (as above).
Note that if traffic is going out to the internet, then ANY IP can be specified. |
- A range e.g. 64.233.160.0/19
- "Any"
|
| Protocol | This is the protocol that the traffic is to use. Note, this can be both TCP and UDP if required, or another Protocol |
|
| Port | This is the port that the traffic is to pass through on the firewall. |
- 80 (HTTP)
- 443 (HTTPS)
- 3389 (RDP)
|
| Action | This is the action that the firewall should take with the specified traffic. |
|
| Description | A short description of the purpose for adding the rule to the configuration. | "Allow Outbound Web Traffic" |
Outgoing Firewall Template
This template is for any port where the connection is initialised by the internal device accessing the site or application (i.e downloading from an FTP server, application ports, certain online tools.)
Source Zone = Inside
Source IP = [Can be a range e.g. 192.168.1.0/24 or Any]
Destination Zone = Internet
Destination IP = [e.g. 17.0.0.0/8 or Any]
Protocol = [TCP/UDP/Others]
Port = [e.g. 3389]
Rule= [Permit/Block]
Description = [e.g. To allow outgoing connections to RDP server]
Click here to create an email with the Outgoing Firewall Template
Incoming Firewall & Port Forward Template
This is for connection coming into the router from an external source (i.e. RDP, VoIP systems, Remote Access to cameras)
Interface/VLAN = Internet
External IP = [Likely WAN IP of school's router]
External Port TCP/UDP only = [e.g. 3389]
Internal Host = [e.g. 192.168.1.1]
Internal Port (TCP/UDP only) = [e.g. 3389]
Protocol = [TCP/UDP/IP]
Description =
[DELETE ONE OF THESE:]
[EITHER]
Please modify the firewall rules to permit inbound traffic to the internal host as required.
[OR]
In addition, please add the following firewall exception:
Source Zone = Internet
Source IP = [Can be a range e.g. 17.0.0.0/8 or Any]
Destination Zone = Inside
Destination IP = [Probably the same as the specified internal host]
Protocol = [TCP/UDP/Others]
Port = [e.g. 3389]
Action = [Permit/Block]
Description = [e.g. To allow incoming connections to RDP server]
Click here to create a template with the Incoming Firewall (with NAT) Template
- For a router that is not running NAT
i.e. Just an Incoming Firewall Exception
Source Zone = Internet
Source IP = [Can be an IP Address, a Range e.g. 17.0.0.0/8 or "ANY"]
Destination Zone = Inside
Destination IP = [Probably the same as the specified internal host]
Protocol = [TCP/UDP/Others]
Port = [e.g. 3389]
Action = [Permit/Block]
Description = [e.g. To allow incoming connections to RDP server]
Click here to create a template with the Incoming Firewall (without NAT) Template
