
Document Control

Authorization
TEMPLATE NAME Firewall Rule
TEMPLATE VERSION 1.1
EFFECTIVE DATE 15th Jun 2017
TEMPLATE OWNER Information Technology
TEMPLATE APPROVER Process Owner
DOCUMENT OWNER Ketan Mhatre
DOCUMENT CLASSIFICATION Restricted
DOCUMENT VERSION NO. 1.1

Review
TEMPLATE VERSION DATE AUTHOR
1.0 24th May 2017 IT Governance

1.1 15th Jun 2017 IT Governance


Frequency of Review – Annually

Ownership

Bank's Information Technology is the owner of the document. Unless otherwise specified, no part of this document may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission

Placement
The most updated copies of the document can be found on the Bank's information portal under Information Technology (IT) section. All printed copies of this document are to be treated as uncontrolled and may be obsolete. You shall always consult the curren
DESCRIPTION
Released version of Firewall CCF Template
1. Old statements replaced as:

Old Statement: Source Application owner Name & employee code
New Statement: Source Application owner Name (as per CMDB) & employee code (if Multiple, add additional records)

Old Statement: Source Application Name
New Statement: Source Application Name (as per CMDB) (if Multiple, add additional records)

Old Statement: Destination Application Owner Name & employee code
New Statement: Destination Application Owner Name (as per CMDB) & employee code (if Multiple, add additional records)

Old Statement: Destination Application Name
New Statement: Destination Application Name (as per CMDB) (if Multiple, add additional records)

Old Statement: Change ticket Type. (Standard/Emergency) For Emergency Changes requestor needs to provide his A-Team member approval and ITG-Security FH approval with change ticket in emergency category.
New Statement:
Sr. No. | Details Required | User Inputs
1 | Source Application owner Name (as per CMDB) & employee code (if Multiple, add additional | Radheshyam Patel(R18441)
2 | Source Application Name (as per CMDB) (if Multiple, add additional records) | TSG.Enterprise Banking Platform
3 | Change Initiator Name & employee code | Ketan Mhatre
4 | Change Manager Name & employee code | Radheshyam Patel(R18441)
5 | Functional Head Name & employee code | Gopakumar Panicker(G0373)
6 | Destination Application Owner Name (as per CMDB) & employee code (if Multiple, add addit | Kamlesh Patil (K4728)
7 | Destination Application Name (as per CMDB) (if Multiple, add additional records) | NA
8 | What is the DESTINATION Application Availability Rating (as per ITG | NA
9 | Confirm if RULES are requested for ALL STANDBY & DR INSTANCES t | NA
10 | Business Justification for rule to be open. (Pls provide actual requirement for rule opening do n | Open firewall rule from Solace to API GW IC
11 | Attach Approval from Destination Application OWNER (IM & PM) & Vert | NA
12 | Change ticket Type. (Standard/Emergency) For Emergency Changes, requestor needs to | Standard
13 | Reason for emergency Change. (if applicable) | NA
14 | Is the Access being requested for UAT or Production Communication? | UAT
15 | If for UAT, Please mention the duration in month | Permanent

Technical Details:

Interface Name Object Name

1 Solace
2 OBP

Source IP Address Source NAT IP Interface Name

Note -
1) To open below restricted services, product / Application specification document needs to be attached in CA portal and ISG Approval needs to be obtained by Change Initiator.
Restricted Services are as below -
TCP_1521
TCP_80(HTTP)
TCP_445
TCP_23(TELNET)
TCP_21(FTP)
ICMP
SFTP Access / Data Transfer (i.e.: port 22/20/21)

2) Post approval of Change Manager, Tampering in CCF Document will not be considered & we will process the change for rejection.

3) To open below services, User needs to provide additional approval from Domain leads
SMTP / Port_25 - Tejas Shah / Venkat Seshu (Notes Team)
Internal DNS / UDP_53 - Ashish Patel / Girish Rumade

4) Product documentation supporting the requested Port / Bidirectional communication.

Object Name | Destination IP Address | Destination NAT IP
API GW | 172.21.14.8, 172.16.5.100 | NA
OBP | 10.229.129.68, 10.229.129.69, 10.229.129.70 | NA

Port No / Services (TCP/UDP) | Bidirectional/ Unidirectional | Justification for each Service or port | Justification for Bidirectional Communication | Purpose Of rule
443 | Unidirectional | Solace to API GW | NA | Solace to API GW
30101 | Unidirectional | OBP to OBP | NA | OBP to OBP
