You are located in service: Firewall

Registration of servers

Registration of servers

Kurzinformation

Servers can be registered via the new Firewall registration form.


 Detailinformation 

Please note that we only unlock computers that have an "alive" service so that connectivity- and securitytests (Sources: 134.130.3.0/25, 134.130.5.90) can be performed.

To check the used ports try 

netstat -an

In addition only the latest software version should be used and in use of encryption a valid certificate needs to be installed.

The access to RWTH from the Internet is subject to the proviso that all security updates are installed on the servers and vulnerabilities with a rating of more than CVSS 5.0 are promptly eliminated. 
The IT Center can prevent access from the Internet if a vulnerability is not resolved, or if the vulnerability scanner does not have adequate access to the server.

As a general rule, we'll configure the firewall based on typical protocol and port numbers of specific network applications / services. In particular, we will consider the "Assigned Internet Protocol Numbers" and "Service Name and Transport Protocol Port Number Registry" of IANA. Exceptions to this will be made in duly justified cases only.

Alternatively, registered contact person can register servers via e-mail to noc@rwth-aachen.de. In order to facilitate our work, please use the following format:

# Service1

134.130.X.A Name_A.domain.rwth-aachen.de

134.130.X.B Name_B.domain.rwth-aachen.de

134.130.X.C Name_C.domain.rwth-aachen.de

# Service2

134.130.X.C Name_C.domain.rwth-aachen.de

134.130.X.D Name_D.domain.rwth-aachen.de

134.130.X.E Name_E.domain.rwth-aachen.de

Please use a tab stop between the IP address and the fully qualified domain name (format: host.domain.rwth-aachen.de) of the computer if possible.

Please note that we only unlock computers that are registered in the DNS.
Additionally, we only unlock individual hosts for a specific service, no entire networks.

Services and their SSL variants are not unlocked simultaneously anymore, please explicitly specify SSL/non-SSL.
If you don't know the name of the service, please specify the protocol and port number.

If the event that we are managing a packet filter on your router, please leave the note 'Gebäudefilter' (building filter) inside the text.

last changed on 03/27/2023

How did this content help you?

Creative Commons Lizenzvertrag
This work is licensed under a Creative Commons Attribution - Share Alike 3.0 Germany License