MNET Services>Telecom Data Networking>Firewall Services>Requesting Changes

How to Request Changes

In the past, MN.IT has accepted change requests from many paths, including email, telephone, and in-person visits. However, these requests can be quite complex and it is easy to omit important information or make mistakes when using the more informal methods. Going forward, MN.IT is strongly encouraging requests to come in via the Border Control Zone Request form. The rest of this document will assume that that form was used to start the request.

Setting Up New Zones

This document is focused on processing requests for incremental changes to existing zones. Setting up a new zone is a more complex process and is handled on a custom basis.

The Process

All requests go through the following review process:

• First, is the request submitted by a listed security contact for that zone? If not, the request is not processed and a security contact for that zone is notified.
• Second, we verify that the request is complete and clear. Are all required ports listed? Is it unclear which direction traffic should be permitted to flow? Incomplete or unclear requests will be referred back for clarification.
• Third, we verify that the request makes sense. An example of a non-sensical request is one that talks about a web server but list port 25 as the service port. (If you really want this or a similar configuration, you can ask for it but should explain why in the request.) Requests that don't make sense will be referred back for clarification.
• Fourth, we check the request against any applicable zone policy(ies) (if we have them on file) or against the default policy. Requests that don't comply or are lacking explanations will be referred back for adjustements.
• Fifth, we check to see if zones are involved that are controlled by others. If so, we confirm with them that the request should be completed. If not, we will put you in touch with at least one of other zone's security contacts to discuss the issues.
• Sixth, we check to see if any of the zones to be reconfigured are MN.IT or other Executive Branch state organization. If they are, we refer the request to the MN.IT Joint Review committee which checks for compliance with State security policies. If the request complies, the request is then passed onto the next stage. If it doesn't, we will contact you about the request.
• Seventh, we schedule the change according to the requested schedule and the change policy for the zone (if we have one listed).
• Eighth, we make the change and notify you of the completion.

Timeline

In the case where the request is complete, sensible, complies with the security policy, doesn't involve other contacts, and has no scheduling constraints, the review and implmentation normally happens within one business day, which means that a request received today will be implemented by the end of (business day) tomorrow.

As an example, a request for a change to an Executive Branch zone may be received at 2pm. It will be checked and reviewed by the next MN.IT Joint Review Committee session and scheduled for implementation the next day.

The cutoff for requests that must be processed by the MN.IT Joint Review Committee is 8am (each business day). Requests received after that time may not be considered until the next business day.

Note that the change policies for some zones require additional notice. For those zones, all that we can do by the next business day will be to have completed the scheduling process. The implmentation will happen when permitted by the zone's policy.

What If You Don't Know What to Ask For?

It is sometimes the case that you need to add new functionality but you aren't sure exactly what rules are required. In such a case:

• Fill in all of the general fields (Description, Business reason, etc.).
• Fill in what rules you can as far as you can.
• Put the following text in the Notes field at the end:

  This is for a new application.

Seeing this text in the Notes field, we will contact you to arrange a time (or times) to work out the exact rules. Once the exact rules have been determined, we will update the request with the exact rules. If Executive Branch organizations are involved, the final rules will be reviwed by the MN.IT Joint Review Committee.