This information is historical -- the CS departmental firewall no longer exists (trg, 2014-2-28) (OBSOLETE)

---

CSCF firewall information

Basic operational information

See: "Tutorial 9, Firewall access".

Adding administrative users

The firewalls support two types of administrators. There are Read-Write administrators, who can make configuration changes, and Read-Only administrators, that can only view changes. As of June 2010, our firewalls support only local authentication. If you need to add a user, talk to a member of the CSI Networking group.

Logging in to the devices

All firewall logins are restricted to the UW Campus Network (129.97.0.0/16) excluding wireless, the CS campus network (172.19.0.0/16) and the local management network (192.168.15.0/24).

Making changes

Although there are two firewall servers, you only need to make changes on dc-csfw1, since the configurations are synchronized. There are two ways to access this system.

• Access the firewall using a web browser (https web interface) to update firewall policies. Note that there are browser dependencies that cause many OS-platform/browser combinations to fail when doing updates. In particular, https with anything other than IE6 seems to fail.
• Access the firewall using SSH when using CLI (command line interface) to update Network/Interface/Routing settings.

Adding policies

See "Tutorial 9, Adding policies".

Modifying existing policies

See "Tutorial 9, Modifying existing policies".

Adding networks

See "Tutorial 10" if you need to create or migrate a network to the firewall.