... Name 1 Source ICCFW01 Destination ICCFWAP01 ICCFWPOL01 Service Action Track Install On Time Comment TCP_4434 icmp-proto Firewall Management 2 ICCFWAP01 drop Log Policy Targets Stealth Rule Special Access Rules (Rules 3-6) Council Rules (Rules 7-40) Remote Access (Rules 41-46) Dev Test (Rules 47-71) Extranet (Rules 72-125) MSSQL_resolver 72 DMZ_TiKex TCP_1964 73 Infogenesys_Addresses Infogenesys_POS_Server 74 75 DMZ-Extranet-Switch_IGIC DMZ-Blade-Switch-1 DMZ-Blade-Switch-2 DMZ_Management DMZ_Extranet_Switch_Hayden DMZ_Extranet_Switch_Polaris Infogenesys_POS_Server_IGIC DMZ-Extranet-Switch_IGIC DMZ-Blade-Switch-1 DMZ-Blade-Switch-2 DevTest_Switches DMZ_Extranet_Switch_Hayden DMZ_Extranet_Switch_Polaris Radius-Servers telnet echo echo-request Manage Switches TCP_1645 TCP_1646 RADIUS RADIUS-ACCOUNTING 76 DMZ_Management NTP_Servers ntp 77 DMZ_Management Or1on syslog 78 Michael_Strelan_pc cisco_vpn_net Web_235 79 iccremotesrv1 Web_235 80 ICCWEB02-PUB 81 iccexchcas01 iccexchhub04 iccexchcas03 iccexchhub03 VPN Rule for all the Radius access from the DMZ - Add devices/servers as necessary Rule for all NTP from the DMZ - Add required Servers as necessary. s ssh Manage Web Servers Remote access to Web accept None Policy Targets servers s HTTP_8080 smtp Mail from Webservers dns s Windows Updates
Ironport2_incoming Zenoss 82 83 84 85 86 87 ICCWEB02-PUB _UAT galaxy_old ICCWEB02-PUB IGIC-4507-Core IGIC-4507-Core-LO-0 Hayd4507-Core-LO-0 Polaris-4507-Core-Lo0 Hellcat Warhawk Typhoon Tempest ICCDWXDB02_dmo ICCSQLMON01 ICCSQL08CL01 ICCSQL08CL02 ICCSQLLOBS01 _UAT galaxy_old NTP_Servers ntp ntp Time Sync _IGIC galaxy_old galaxy_old_igic ntp domain-udp _UDP Masterview Replication SQL for Masterview and FTP for dataworks Masterview External access 88 ICCWEB02-PUB Ipswich art gallery 89 ICCASA5510 ICCASA5510_IGIC VPN
90 ICCASA5510 91 92 93 PatronBase PBWEB VPN ICCASA5510 ARUBA_RAP_Connect ARUBA_RAP_Connect_IGIC _IGIC 94 Venue_Tech_FTP 95 South_St Internal_10.150_network Aventail_DMZ Internal_10.160_Network TCP_1964 Tickex Support echo-request Tickex TCP_1964 _UDP Tickex Internal users 96 Mastercard _IGIC Mastercard FTP Server 97 icccrystal01 ipswich_ext_www HPR lost animal updates 98 ICCANTIVIRUS01 TCP_2080 s 99 ICCANTIVIRUS01 tcp_135 TCP_49155 TCP_2080 ssl_v3 100 s _8098_Range 101 HTTP_8080 domain-udp 102 Athena_Software _IGIC TCP_8443 PostgreSQL s Ports requested for software vendor support. Check with the vendor and with ICC person responsible for what, if any, ports need to remain open
ssh 103 ICCWEB01-dev s TCP_81 104 ICCWEB01-dev _8098_Range accept s Log Policy Targets 105 ICCWEB01-dev domain-udp 106 telstra_test_df _UAT_IGIC s TCP_81 _8098_Range ssh 107 s icmp-proto 108 AD_Servers domain-udp ntp-udp 109 s 110 ICCEPAPP01 dns accept None Policy Targets Ports requested for software vendor support. Check with the vendor and with ICC person responsible for what, if any, ports need to remain open after the installation. Ports open are: 3389, 8443, 5432 Internal Subnets to ICCWEB01-DEV on SSH, SSH-2, HTTP and HTTPS, 81 and TCP Range 8081 to 8098 SQL Server and SQL Monitor 111 ICCEPAPP01 _8000 SOAP Web Service 112 Internal Management 113 114 ICCANTIVIRUS01 115 _UAT _IGIC _UAT ICCANTIVIRUS01 McAfee-SuperAgents McAfee-SuperAgents
116 _UAT _UAT ICCANTIVIRUS01 Redhat_Networks Test_Dev_Servers 117 118 Hayden_L2 119 WebAsyst_Remote_Support 120 ARUBA_Test_192.168.103 121 _UAT _IGIC _IGIC DMZ_Civic_Hall_POS Council_DMZ DMZ_Council DMZ_External DMZ_TiKex DMZ_Waste Lib_DMZ Test-DMZ McAfee-SuperAgents McAfee-SuperAgents s s s TCP_22000 s 122 _UAT_IGIC 123 _UAT_IGIC 124 ICCMAN02 iccremotesrv1 MANNODE Or1on Prowler Tempest Texan Typhoon _UAT nbname nbdatagram nbsession Test VLAN and Network set up for Wireless proof of concept backup of DMZ servers TAS000000002654