A firewall is the first line of defense against unauthorized or malicious access to Texas A&M University-Commerce information resources. It is important to ensure that firewalls protecting University information resources are correctly configured. This procedure provides users information on both host-based firewalls and requesting exceptions to the campus-wide firewall.
This procedure applies to all University information resources. The purpose of this procedure is to provide a set of standards for how firewalls are configured to protect University Information Resources.
1. The campus-wide firewall operates on a default-deny policy.
2. The university network is separated into multiple VLANs. Each VLAN has a designation of whether new inbound connections are allowed or not.
a. In a VLAN designated for servers, inbound and outbound connections are allowed on a port-by-port and host-by-host basis.
b. In a VLAN designated for clients, inbound connections are not allowed, but outbound connections are minimally restricted.
3. Host-based firewalls should be used on servers to restrict access from computers within the University network.
The following ports are generally approved for public usage:
1. TCP/80 (HTTP/Web Servers)
2. TCP/443 (HTTP with SSL or TLS)
The following ports are approved only in specific cases, with restrictions on the remote IP address
1. TCP/22 (SSH) - (Restricted to a single IP or small network block)
2. TCP/21 (FTP) – (Restricted to a single IP or small network block, unless using TLS)
Updated October 15, 2013
Last Updated March 31, 2014
To request a change to this page or to request access to make changes yourself, email helpdesk@tamuc.edu.