Incidence Description: L2SOC01 

Flowserve Internet Policy - Whitelist website

Level 1 Ticket Source: CRIM- Unisys Alerts/ User Phone Call/ Email   
Support Level: Level 2   
 
Additional Information/Considerations:  
User Account naming nomenclature- 500 account- for contractor/ 100 account – for
permanent hire/  CST_underscore account – contract third party account 
 
How Do I Resolve  Follow These Steps: 
Review daily ticket If the user receives an error message You don't have permission to
list for Queue visit this site/ user requests to whitelist a website/ URL then, follow
Monitored – below procedure:
Security_Global_FLS 

St
ep:1 – Review the ticket for IMACD Approval to have the website
whitelisted and ensure the web URL is mentioned in the request. If
IMACD not found, then route the ticket to Service Desk as
insufficient Info call handling and advise to submit the IMACD.
Step- 2- IMACD must Include the full business justification on why
they need this URL. This will need to be a comprehensive
explanation and generic reasons will be automatically denied.
Step 3- Get the URL link that user wants to access and check in virus
total website whether the URL link is virus free.
Step 4- If the URL link has any viruses inform the user about the same and
to find the alternative solution and resolve the ticket
Step 5- If the weblink is virus free, add it to Zscaler white list as follows: 
 Go to Zscaler:
https://admin.zscalertwo.net/#dashboard/1 
 Go to Administration. 
If the URL Link is HTTP: 
 Select URL categories in the resources section. 
 Search for whitelist in the search tab 
 Edit the Flowserve-white list link. 
 Paste the URL domain name begin with the “.”   in the
Custom URL section and click Add
Once added, Go to Activation and click activate. 
 If the URL Link is encrypted with SSL/TLS i.e., https: 
 HTTPS: URLs using HTTP encrypted by TLS/SSL.
Search for SSL in the search tab and edit the flowserve.ssl
link. 
 Enter the URL begin with “.” And click add. 
 If the user still not accessing the URL. Add it to
Flowserve.auth.ssl link and activate. 

Step 6: How to block the URL: 

 Go to administration. Open URL categories, type
Malware in the search box, edit the link. 
 Enter the URL link and click Add 
 Go to activation and click activate.

Step 7: Send mail to the user for confirmation and same update in
the ticket.  After confirmation from user resolve the ticket. 
a. Open ticket Turn Ticket status to In Progress
and save 
b. Then Click on Resolve.  
c. Fill the 4 fields listed below Resolution
method/ Closure source/ Resolution/ Status
reason 
. 

Incidence Description: L2SOC02 

Flowserve Internet Policy - Whitelist IP Address
Level 1 Ticket Source: CRIM- Unisys Alerts/ User Phone Call/ Email   
Support Level: Level 2   
 
Additional Information/Considerations:  
User Account naming nomenclature- 500 account- for contractor/ 100 account – for
permanent hire/  CST_underscore account – contract third party account 
 
How Do I Resolve  Follow These Steps: 
Review daily ticket If the user requires to allow/block or to update the IP address for an
list for Queue approved application/Domain then, follow below procedure:
Monitored –  How to Add IP Address: 
Security_Global_FLS   Go to Administration, go to IP & FQDN groups. 
 Check whether the given IP Address has added or not. 
 If not, go to Add the Destination IP group option. 
 Search for white list- go to External white list 
 Enter the IP address and click Add. 
 Go to activation and click Activate. 
How to block IP Address 
  Go to Administration, go to IP & FQDN groups. 
 Check whether the given IP Address has added or not. 
 If not, go to Add the Destination IP group option. 
 Search for virus- go to External virus-malware. 
 Enter the IP address and click Add. 
 Go to activation and click Activate.

Send mail to the user for confirmation and same update in the
ticket.  After confirmation from user resolve the ticket. 
a. Open ticket Turn Ticket status to In Progress and save 
b. Then Click on Resolve.  
c. Fill the 4 fields listed below Resolution method/
Closure source/ Resolution/ Status reason .

 
Incidence Description: L2SOC03 
Flowserve Internet Policy - Whitelist Port Address
Level 1 Ticket Source: CRIM- Unisys Alerts/ User Phone Call/ Email   
Support Level: Level 2   
 
Additional Information/Considerations:  
User Account naming nomenclature- 500 account- for contractor/ 100 account – for
permanent hire/  CST_underscore account – contract third party account 
 
How Do I Resolve  Follow These Steps: 
Review daily ticket If the user requires to open/close a port or update a Port for an
list for Queue approved application then, follow below procedure:
Monitored – 1. Policy -> Firewall Control 
Security_Global_FL
S 

 
2. Add Firewall Filtering Rule 
  
3. Make rule name containing naming convention 

 
 
 
4. If global change leave location blank. If not add the required
sites in locations.  

 
5. Add in Description with Name and Date 

6. Services and Appliances -> Network Services 

 
7. Add Network Services 
 
8. Name using “Rule Name” – Port 

 
9. Same description as filtering rule 

 
10. Add the port # 

 
11. Save 

 
12. Open Network Services select new rule or hit done.  
  
13. Add in source IP or IP group 

14. Add in destination IP or IP group 

 
15. Save 

 
16. Move above Rule Dropping all Traffic 
17. Save and Commit  

To modify the ports of a predefined network service: 

1. Go to Administration > Network Services 
2. Find the predefined network service you want to change
and click the Edit icon 

 
3. You can change any of the TCP Source Ports, TCP
 Destination Ports, UDP Source Ports, or UDP
Destination Ports 
4. Click Save and activate the change 

Send mail to the user for confirmation and same update in the
ticket.  After confirmation from user resolve the ticket. 
a. Open ticket Turn Ticket status to In Progress and save 
b. Then Click on Resolve.  
c. Fill the 4 fields listed below Resolution method/ Closure
source/ Resolution/ Status reason

Incidence Description: L2SOC01 

Flowserve Internet Policy - User Reach the Number of Devices Limit 
Level 1 Ticket Source: CRIM- Unisys Alerts/ User Phone Call/ Email   
Support Level: Level 2   
 
Additional Information/Considerations:  
User Account naming nomenclature- 500 account- for contractor/ 100 account – for
permanent hire/  CST_underscore account – contract third party account 
 
How Do I Resolve  Follow These Steps: 
Review daily ticket If the user receives an error message User Reach the Number of
list for Queue Devices Limit then, follow below procedure:
Monitored – Description:  User can only enroll up to 16 devices under one
Security_Global_FLS  username. If you want to enroll another device but has reached the
maximum number of devices, you must remove at least one
device from the Zscaler App (Z App) Portal. 

1. In the Z App Portal, go to Enroll Devices. 

2. From the menu on the left, go to Device
Overview. 
3. Point to the user device that you want to
remove the app from and click the Device
Details icon. You can only force-remove devices
with the app policy status of Updated, Outdated,
or Device Removal Pending. 
  
4. Click Force Remove. 

 
The device is removed immediately, and the policy
status changes to Removed.

Send mail to the user for confirmation and same update in the
ticket.  After confirmation from user resolve the ticket. 
a. Open ticket Turn Ticket status to In Progress and save 
b. Then Click on Resolve.  
c. Fill the 4 fields listed below Resolution method/
Closure source/ Resolution/ Status reason 

 
Incidence Description: L2SOC01 
Zscaler Internal error, contact your Administration
Internet access blocked
Service is disabled
Level 1 Ticket Source: CRIM- Unisys Alerts/ User Phone Call/ Email   
Support Level: Level 2   
 
Additional Information/Considerations:  
User Account naming nomenclature- 500 account- for contractor/ 100 account – for
permanent hire/  CST_underscore account – contract third party account 
How Do I Resolve  Follow These Steps: 
Review daily ticket If the user receives an error message as mentioned then, follow
list for Queue below procedure:
Monitored –
Security_Global_FLS 

Step 1- Open notepad > copy this Script and paste it> save this
document at Desktop> name the file as TEST.txt

@echo off

sc config winmgmt start= disabled

net stop winmgmt /y

%systemdrive%

cd %windir%\system32\wbem
for /f %%s in ('dir /b *.dll') do regsvr32 /s %%s

wmiprvse /regserver

winmgmt /regserver

sc config winmgmt start= auto

net start winmgmt

for /f %%s in ('dir /s /b *.mof *.mfl') do mofcomp %%s

Step 2- find the Test.txt file on desktop and rename it as Test.bat (the
icon will change to wheel icon)

Step 3- go to C:\Windows\System32\Wbem

Step 4- move the Test.bat to this folder (C:\Windows\System32\

Wbem) it will ask you to continue.

Step 5- Pop up asking for username and password (Copy the

password to notepad and then copy from there without spaces , and
paste it in password field.)

username: .\administrator

password: Laps Password

Step 6: Find the file (Test.bat) in C:\Windows\System32\Wbem and

right click> run as administrator

Step 7: it will ask for username and password, enter the same as
above. cmd.exe will run, once completed.

Step 8: go to task bar on right-side drop-down icon and find the

zscaler, right click> click exit. Enter the Zscaler admin exit password.
Step 9: Reopen the Zscaler, and check the services enabled. 
Update in the ticket after confirmation from user and resolve the
ticket. 
a. Open ticket Turn Ticket status to In Progress and save 
b. Then Click on Resolve.  
c. Fill the 4 fields listed below Resolution method/ Closure
source/ Resolution/ Status reason