Registration of servers
Servers can be registered via the new Firewall registration form.
Please note that we only unlock computers that have an "alive" service so that connectivity- and securitytests (Sources: 18.104.22.168/25, 22.214.171.124) can be performed.
To check the used ports try
In addition only the latest software version should be used and in use of encryption a valid certificate needs to be installed.
The access to RWTH from the Internet is subject to the proviso that all security updates are installed on the servers and vulnerabilities with a rating of more than CVSS 5.0 are promptly eliminated.
The IT Center can prevent access from the Internet if a vulnerability is not resolved, or if the vulnerability scanner does not have adequate access to the server.
As a general rule, we'll configure the firewall based on typical protocol and port numbers of specific network applications / services. In particular, we will consider the "Assigned Internet Protocol Numbers" and "Service Name and Transport Protocol Port Number Registry" of IANA. Exceptions to this will be made in duly justified cases only.
Please use a tab stop between the IP address and the fully qualified domain name (format: host.domain.rwth-aachen.de) of the computer if possible.
|Please note that we only unlock computers that are registered in the DNS.|
Additionally, we only unlock individual hosts for a specific service, no entire networks.
Services and their SSL variants are not unlocked simultaneously anymore, please explicitly specify SSL/non-SSL.
If you don't know the name of the service, please specify the protocol and port number.
If the event that we are managing a packet filter on your router, please leave the note 'Gebäudefilter' (building filter) inside the text.