Server registration and firewall administration
On this page, you will learn how to request, delete, and manage firewall registrations.
Register servers
Registration form
Servers can be registered via the Firewall registration form.
Registration via email
Alternatively, registered contact person can register servers via e-mail to noc@rwth-aachen.de. In order to facilitate our work, please use the following format:
# Service1
134.130.X.A Name_A.domain.rwth-aachen.de
134.130.X.B Name_B.domain.rwth-aachen.de
134.130.X.C Name_C.domain.rwth-aachen.de
# Service2
134.130.X.C Name_C.domain.rwth-aachen.de
134.130.X.D Name_D.domain.rwth-aachen.de
134.130.X.E Name_E.domain.rwth-aachen.de
- Please use a tab stop between the IP address and the fully qualified domain name (format: host.domain.rwth-aachen.de) of the computer if possible.
- Services and their SSL variants are not unlocked simultaneously anymore, please explicitly specify SSL/non-SSL.
- If you don't know the name of the service, please specify the protocol and port number.
- If the event that we are managing a packet filter on your router, please leave the note 'Gebäudefilter' (building filter) inside the text.
Key information on server registrations
We only unlock computers that have an "alive" service so that connectivity- and securitytests (Sources: 134.130.3.0/25, 134.130.5.90) can be performed. To check the used ports enter the following in the Windows command prompt:
netstat -an
In addition, only the latest software version should be used and in use of encryption a valid certificate needs to be installed.
The access to RWTH from the Internet is subject to the proviso that all security updates are installed on the servers and vulnerabilities with a rating of more than CVSS 5.0 are promptly eliminated. The IT Center can prevent access from the Internet if a vulnerability is not resolved, or if the vulnerability scanner does not have adequate access to the server.
As a general rule, we'll configure the firewall based on typical protocol and port numbers of specific network applications / services. In particular, we will consider the "Assigned Internet Protocol Numbers" and "Service Name and Transport Protocol Port Number Registry" of IANA. Exceptions to this will be made in duly justified cases only.
Please note that we only unlock computers that are registered in the DNS. Additionally, we only unlock individual hosts for a specific service, no entire networks.
Deregister a server
Existing servers can be deregistered via e-mail to noc@rwth-aachen.de.
View existing registrations
Existing registrations are listed in the Firewall-viewer (accessible within RWTH networks by registered contact persons).