CCNY Firewall Frequently Asked Questions (FAQs)

CCNY Firewall Frequently Asked Questions

What is the CCNY Firewall?
Will the Firewall interfere with my access when I’m off-campus?
When do I need to fill out the VPN Access Request Form?
When do I need to fill out the Firewall Exception Request Form?
Do I need to submit a VPN or Firewall Exception form to get access to the internet?
Do I need to submit a VPN or Firewall Exception form to get my emails?
Will the Firewall interfere with my research?
Are my connectivity issues related to the Firewall?
Are you blocking or censoring certain types of content?
When requesting a firewall exemption, what other security measures should I know about?
 

What is the CCNY Firewall?

The CCNY firewall establishes a security barrier around CCNY’s network by blocking external traffic, filtering in connections based on a customized list of CCNY firewall exceptions. It defends against malicious network activity designed to exploit vulnerabilities to gain unauthorized access to, and control of, devices and information on CCNY’s network.

Will the Firewall interfere with my access when I’m off-campus?

Yes, to access resources on the CCNY network you will need to submit a VPN Access Request Form or a Firewall Exception Request Form.
You can find both forms on the Security Authorization Forms page.

When do I need to fill out the VPN Access Request Form?

VPN access is an ideal solution for remotely access on-campus systems for temporary purposes (e.g. performing occasional upgrades, configuration changes, or system monitoring). This solution is optimal if you, and only you, need to gain access to your CCNY system from outside the campus. Also, when a third-party support vendor needs to access a CCNY system, the CCNY “owner” of that system will need to submit a VPN form on their behalf.

You can find the VPN Access Request Form on the Security Authorization Forms page.

When do I need to fill out the Firewall Exception Request Form?

If you are hosting a service on campus that requires continuous access from off campus, e.g. a website.

You can find the Firewall Exception Request Form on the Security Authorization Forms page.

Do I need to submit a VPN or Firewall Exception form to get access to the internet?

No, the College does not block access from the College to the internet unless a connection is identified as malicious.

Do I need to submit a VPN or Firewall Exception form to get my emails?

No, email servers managed by OIT are already exempt and it is not necessary to file for an exemption.

Will the Firewall interfere with my research?

Possibly, but only for on campus resources that need to be accessed from off campus. In cases where the required access is temporary, it can be accommodated with VPN access.

In exceptional cases where the work of CCNY researchers require persistent network connections between the College and off-site resources, faculty and staff should submit the Firewall Exception Request Form.

Are my connectivity issues related to the Firewall?

Possibly. As we disable firewall exemptions during the firewall cleanup, if network services that had been working are suddenly interrupted, you should contact your local IT technical support personnel.

You should also notify the CCNY servicedesk@ccny.cuny.edu .">Service Desk (212) 650-7878 or ( servicedesk@ccny.cuny.edu ). Provide as much detailed information as possible, including contact and network configuration information, the location of the device(s), and when the access was last functioning.

Are you blocking or censoring certain types of content?

No, the CCNY Firewall does not inspect the semantic content of any network traffic, upholding CCNY and CUNY’s commitment to open expression and electronic privacy.

When requesting a firewall exemption, what other security measures should I know about?

If you are granted a firewall exemption, you are responsible for keeping critical software updates and malware protection up to date for all network accessible devices you administer. You should also disable unnecessary features and configuration settings to reduce risks and vulnerabilities. These measures should be taken for devices on campus as well as devices that will be used to access them from off campus.

As part of the firewall exception vetting process, your devices that are hosted on campus will be subject to an initial vulnerability scan followed by routine scheduled scans; critical vulnerabilities identified by these scans must be remediated immediately to obtain and retain the firewall exception. 

To help maintain campus-based resources, CCNY provides McAfee Endpoint Protection and LANDesk Computer Management software. Find out more about McAfee and LANDesk.