When applying for a firewall exception please provide all requested information. Answering questions fully will facilitate subsequent communications and help avoid delays.
Login access to the CCNY Firewall Exception Request Form (Login Required)
Section 1: Requestor information
Provide all requested information. Requestors must provide a CCNY email address and phone extension; alternative phone numbers and email addresses may also be provided.
Section 2: Justification for firewall exception request.
Provide an overview of the intended use of the firewall exception(s), who will be using it, and for how long. Provide an end date for firewall exceptions for temporary requests.
For example, the CCNY Acme Research Group is requesting a firewall exception to allow a national consortium of researchers access to a CCNY-based research cluster using the Gadget Software Platform from September 2017 until December 2020.
Section 3: Network firewall change requests
Provide a line-by-line list of firewall rules being requested. Before submitting the request, the requestor, departmental IT systems administrator, and all relevant vendors or contractors should confer on the functional, technical, and network specifications.
ADD (request a new firewall rule), REMOVE (remove an existing firewall rule)
SOURCE IP: external IP address or range of addresses
DESTINATION IP: CCNY-based IP address or range of addresses
PROTOCOL: the network protocol that will be used UPD/TCP
PORT: the port(s) that will be used to transmit traffic data. For a list of well-known services associated with specific port numbers, see the following resource: List of TCP and UDP port numbers.
SERVICE: the name of the network services
Section 4: Department IT System Administrator (optional)
If the requestor’s departmental IT system administrator was consulted on this request, please provide their contact information. Departmental IT administrators can be an invaluable resource in remediating vulnerabilities detected by security scans.
Section 5: Non-CCNY Personnel
Provide the contact information of such individuals, including contractors, external research associates, consultants, or any other individuals or groups who will access campus-based resources.
Section 6: Approvals
Firewall exception requests must be approved by the requestor’s supervisor, department chair, or director, provide his or her CCNY employee email address. In some circumstances, additional approval may be required by a Dean or AVP or VP overseeing the area, for example when sensitive information or areas are involved. Firewall Exceptions will be evaluated on at least an annual basis and are subject to change.
Section 7: Non-Public University Information (NPUI) statement
NPUI are subject to many regulations, including Family Education Rights and Privacy Act (FERPA), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI-DSS) regulations and CUNY information security policy. These types of information have specific security requirements that must be adhered to.
The requestor must indicate whether any Non-Public University Information (NPUI) may be exposed by the requested firewall exceptions, including any of the following types of protected information: Social Security numbers, citizenship status information, birthdates, debit and credit card numbers, user-ids with passwords, student records (e.g., GPAs, transcripts, grades, test results), financial records (e.g., tax information, bills, insurance records, payroll information), health records, drivers licenses or other government-issued identification.
Section 8: Information Security Statement
Users of CCNY network and computer resources are subject to CUNY security policies and procedures, especially the Acceptable Use of Computing Resources and IT Security Procedures: General. See the CUNY Information Security website:
Please take the time to explore information security resources on the CCNY Information Security website.