
Classification - Internal

Document Control
Authorization
TEMPLATE NAME Firewall Rule
TEMPLATE VERSION 1.1
EFFECTIVE DATE 15th Jun 2017
TEMPLATE OWNER Information Technology
TEMPLATE APPROVER Process Owner
DOCUMENT OWNER To be filled by the Requestor / User
DOCUMENT CLASSIFICATION Restricted
DOCUMENT VERSION NO. To be filled by the Requestor / User

Review
TEMPLATE VERSION DATE AUTHOR
1.0 24th May 2017 IT Governance


1.1 15th Jun 2017 IT Governance

Frequency of Review – Annually

Ownership

Bank's Information Technology is the owner of the document. Unless otherwise specified, no part of this document may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission

Placement
The most updated copies of the document can be found on the Bank's information portal under Information Technology (IT) section. All printed copies of this document are to be treated as uncontrolled and may be obsolete. You shall always consult the curren


DESCRIPTION
Released version of Firewall CCF Template


1. Old statements replaced as:

Old Statement: Source Application owner Name & employee code
New Statement: Source Application owner Name (as per CMDB) & employee code (if Multiple, add additional records)

Old Statement: Source Application Name
New Statement: Source Application Name (as per CMDB) (if Multiple, add additional records)

Old Statement: Destination Application Owner Name & employee code
New Statement: Destination Application Owner Name (as per CMDB) & employee code (if Multiple, add additional records)

Old Statement: Destination Application Name
New Statement: Destination Application Name (as per CMDB) (if Multiple, add additional records)

Old Statement: Change ticket Type. (Standard/Emergency) For Emergency Changes requestor needs to provide his A-Team member approval and ITG-Security FH approval with change ticket in emergency category.
New Statement:


Sr. No. Details Required

1 Source Application owner Name (as per CMDB) & employee code (if Multiple, add additional records)

2 Source Application Name (as per CMDB) (if Multiple, add additional records)

3 Change Initiator Name & employee code

4 Change Manager Name & employee code

5 Functional Head Name & employee code

6 Destination Application Owner Name (as per CMDB) & employee code (if Multiple, add additional records)

7 Destination Application Name (as per CMDB) (if Multiple, add additional records)

8 What is the DESTINATION Application Availability Rating (as per ITGRC)

9 Confirm if RULES are requested for ALL STANDBY & DR INSTANCES too

10 Business Justification for rule to be open. (Pls provide the actual requirement for rule opening; do not mention only that the rule needs to be open for communication from this IP to that IP.)

11 Attach Approval from Destination Application OWNER (IM & PM) & Vertical Head (IT-TS&SD & IT-ALCM) for all Production Destination Application & for all UAT Destination Application Owner in IT / BTG (Center of excellence (CoE) for Cognitive computing & Digital Banking, Mobility, Cards & Assets Head from IT-DTIT Team) and VH (IT-DTIT / BTG WBO / BTG Retail / IT-TS&SD / IT-ALCM)

12 Change ticket Type. (Standard/Emergency) For Emergency Changes, requestor needs to provide his Vertical Head's approval and Infra-Security FH approval with change ticket in emergency category.

13 Reason for emergency Change. (if applicable)

14 Is the Access being requested for UAT or Production Communication?

15 If for UAT, please mention the duration in months

Technical Details:

Sr. No. Source Server Name


1 RFX & User PC's


User Inputs

NA

RFX & User PC's

Somnath Dey S47889

Prashant Pagare
P19802
Pallavi Ghatge
Subhash Dhiman

SWIFT

Note -
1) To open below restricted services, product / Application specification document needs to be attached in CA portal and ISG Approval needs to be obtained by Change Initiator.
Restricted Services are as below -
TCP_1521
TCP_80(HTTP)
TCP_445
TCP_23(TELNET)
TCP_21(FTP)
ICMP
SFTP Access / Data Transfer (i.e : port 22/20/21)

2) Post approval of Change Manager, Tampering in CCF Document will not be considered & we will process the change for rejection.

3) To open below services, User needs to provide additional approval from Domain leads
SMTP / Port_25 - Tejas Shah / Venkat Seshu (Notes Team)
Internal DNS / UDP_53 - Ashish Patel / Girish Rumade

4) Product documentation supporting the requested Port / Bidirectional communication.

For both PR and DR instances so that Global rule from prod environment can be removed in future.

For accessing data extractor utility

NA

Standard

NA
No
NA

Server Type | Source IP Address | Source NAT IP | Destination Server Name

LAN NA SWIFT

Bidirectional
Unidirectional


Destination IP Address | Destination NAT IP | Destination Type | Port No / Services (TCP/UDP)


172.16.7.116
DMZ PROD 22
172.22.7.126


DMZ PROD
DMZ UAT
LAN
PCIDSS PROD
PCIDSS UAT
PRE-PROD
PROD
PUBLIC
THIRD PARTY
UAT
VPN
VM DMZ
VM PCIDSS PROD
VM PCIDSS UAT
VM PROD
VM UAT


Bidirectional/Unidirectional | Justification for each Service or port | Justification for Bidirectional Communication


Unidirectional To Access Data Extractor Utility NA


Purpose Of rule


To Access Data Extractor Utility & perform SWIFT file processing


Yes

No

Standard
Emergency
