Skip to page content
  • KNOWLEDGE
  • SERVICE CATALOG
  • SYSTEM STATUS
  • Guest User
    • Profile
    • Favorite Financial Account
    • Logout
  •  Guest User
  • Logout
  • Home
  • IT Services Knowledge (Knowledge Base)
IT Services Knowledge - Firewall Change Request Process
KB00015607
6.0 - Updated on 2024-05-01 by Brian Ng (brianhng)
5.0 - Updated on 2024-04-09 by David Jaremowicz (davejar)
4.0 - Updated on 2022-02-28 by Michael Ruel (mruel)
3.0 - Updated on 2021-02-16 by Brian Ng (brianhng)
2.0 - Updated on 2020-02-11 by Allan Wang (allanw)
1.0 - Authored on 2018-05-16 by David Jaremowicz (davejar)

Firewall Change Request Process


Updated 1-May-2024 • 325 Views • ( ) ( ) ( ) ( ) ( )

Request a Firewall Change

  • You must submit all requests through the Firewall Request form. The request must be as detailed and complete as possible.
  • The firewall engineer may send tickets to the IT Services Security team for review if the request has a broad scope or presents a potential security risk.
  • Some changes may require approval by the Change Approval Board (CAB).

Service Types

  1. Problem Resolution/Service Restoration
    • Problem requests are those made under the direction of a Problem Manager in the course of managing the resolution of a problem or those identified as such by the Information Security Officer.
    • Urgent problem requests will be processed before other firewall change requests and will be implemented either as soon as possible or during a change window, as determined by CAB.
  2. Routine Changes
    • Routine changes as approved by IT Services' CAB (draft summary below, pending CAB approval).
  3. Project Related/Other Changes
    • CAB approval is required, including out-of-cycle changes.
Change type Lead time Change window

Problem Resolution

As required

ASAP

Routine

3-5 business days

Tuesday or Thursday change window

All other

15 business days, including CAB and IT Security approvals (note: the scope of the change could cause delays in this process).

Thursday window

Firewall Request Process Overview

Change Title

Description

Firewall - Create VLAN Interface

Create a new VLAN interface

Firewall - Create Security Zone

Create a new security zone

Firewall - Simple Policy Change

Add a simple addition to existing firewall policy. An example would be the addition of an IP address or a well-known or easily verifiable port to the firewall policy or policy group. It would involve no more than two firewalls, four or fewer security zones, ten or fewer hosts and that the requested change is the same for the hosts involved, six or fewer ports and/or applications.

Firewall - Create of Policies

Create a new security policy that does not require a security review and involves:
at most two firewalls, four or fewer security zones, ten or fewer hosts and that the requested change is the same for the hosts involved, six or fewer ports and/or applications.

Firewall - Addition of Routes

Implementation of a static route on the firewall to allow VLANs not directly attached to the firewall to be reachable.

Firewall - Addition of NAT

Create network address translations on the firewall for new hosts or hosts without current address translations.

Also in

View all articles

Related Articles

Related Services

Contact Us

Phone: 773.702.5800

Weekdays: 7:30 a.m. - 6:00 p.m.

Closed on University Holidays

Get walk-in support at TechBar.

Regenstein Library, 1st floor.

Open during reference desk hours.

© 2025 The University of Chicago