Purpose
The goal of this tool is to give trusted people on campus and within OIT, who request many firewall rule changes or need to audit rules for their group, secure read-only access to firewall rules. People often request access so they can audit their rules without making a manual request to the security team, and so they are better informed about existing rules when they request new changes from the security team. This will replace the insecure practice of emailing firewall rule configurations or saving them locally. However, in most cases users still need to know how to interpret a raw Cisco ASA configuration.
Access Requirements
- Network Restriction: Limited to on-campus or via VPN
- Authentication: WebAuth + Duo Multi-Factor Authentication (instructions here)
- Authorization: KSAMS role membership (access request instructions here)
  - For Campus Server Registration access: ITSEC "Firewall Rule Viewer - Campus" role
  - For OIT internal access (which includes campus too): ITSEC "Firewall Rule Viewer - OIT" role
Instructions
- Log in to https://systems.oit.uci.edu/FirewallRuleViewer/
- Choose Firewall (if the firewall you need is not listed, please contact security@uci.edu)
- Click Submit to view the rules configuration, some technical information about the firewall device, the date/time it was last changed, and the date/time it was last refreshed
- Note: These are filtered yet raw Cisco firewall configuration files; you must be somewhat knowledgeable in networking to understand them
- Note: Configuration data is refreshed on a schedule, daily at 6:20am, 12:20pm, 5:20pm, and 10:20pm