Menu
Security & Policy HomePolicy & InformationCampus Firewall

Campus Firewall Information

Lehigh's network contains multiple levels of firewalls designed to limit the ability of intruders to access the computers beyond those firewalls. As an additional level of security, any computer connected to Lehigh's network should be running its own firewall software. The primary purpose of this document is to provide an overview of the network perimeter firewalls which control activity flowing in or out of Lehigh's network from the Internet.

In a continuing effort to enhance the security of all Lehigh network resources, Library and Technology Services has installed a border firewall system between the campus network and the Internet. These firewalls operate in a "default deny" environment wherein all connections from off campus computers are denied unless specifically allowed through the firewall. The border firewalls are stateful firewalls which keep track of the state of any network connections passing through them. In this regard, any network protocol which exits Lehigh's network utilizing one network port, but replies to Lehigh on another port, will operate without the need of a firewall exception.

It is the responsibility of the requestor to ensure that all current and future security patches are applied to the computer in question. Failure to maintain the security of the system will result in the revocation of the exception. Exceptions to firewall blocking for a given port for a computer assigned to a given IP address can be requested through any LTS Computing Consultant or through the LTS Help Desk. Those individuals can submit the request through this link.

Note: Firewall exceptions are best avoided. Whenever possible, use VPN to connect a single off-campus computer to the Lehigh network.

Note: Exceptions for inherently insecure protocols such as telnet (port 23) or ftp (port 21) will not be granted. All requests must include the Lehigh University faculty or staff member responsible for maintaining the security of the computer corresponding to the IP address for which the exception is requested.

Last modified on: by skr5.