How does the University firewall work?

  • The University operates a default deny firewall. This means everything (including inbound connections) are blocked except the following:

    Port Service Direction Protocol
    21 FTP Outbound TCP
    22 SSH Outbound TCP
    23 Telnet Outbound TCP
    80 HTTP Outbound TCP
    110 POP email Outbound TCP
    143 IMAP email Outbound TCP
    443 HTTPS Outbound TCP
    27000-27015 Steam Outbound UDP
    27015-27030 Steam Outbound UDP
    27014-27050 Steam Outbound TCP
    27031-27036 Steam Outbound UDP
    27036-27037 Steam Outbound TCP
    4380 Steam Outbound UDP
    4379 Steam Outbound UDP
    3478 Steam Outbound UDP
    5223 Playstation Network Outbound TCP
    10070-70080 Playstation Network Outbound TCP
    3658 Playstation Network Outbound UDP
     88  Xbox Live Outbound UDP
     3074  Xbox Live Outbound UDP & TCP
     53  Xbox Live Outbound UDP & TCP
     500  Xbox Live Outbound UDP
     3544  Xbox Live Outbound UDP
     4500  Xbox Live Outbound UDP
  • Users can open up to 50 ports or 25 ranges of 10 consecutive ports. This is for outbound connections. ( Where do I do that? )
  • The firewall is updated each morning. Requests for ports to be opened will not be activated immediately, you must wait for the next morning update.
  • The following ports will not be unblocked, even if a firewall hole has been requested (ranges are in bold):

    Protocol Ports   Protocol Ports   Protocol Ports  

    Protocol

    Ports
    TCP 25   TCP 212   TCP 3128   TCP 6881-6889
    TCP 37   TCP 299   UDP 3389   TCP 8080
    UDP 37   TCP 389   TCP 3531   TCP 12144
    GRE 47   UDP 389   UDP 3531   TCP 16881-16889
    UDP 67   TCP 401   TCP 4662   UDP 41170
    TCP 69   TCP 402   TCP 4242   TCP 65010
    UDP 69   UDP 445   UDP 3531      
    TCP 119   TCP 445   TCP 4662      
    UDP 135   TCP 593   UDP 4672      
    TCP 135   TCP 1001   TCP 4661-4665      
    UDP 137-139   TCP 1214   UDP 4665      
    TCP 137-139   TCP 1215   TCP 5000      
    TCP 161-162   UDP 1433-1434   UDP 5000      
    UDP 161-162   TCP 1433-1434   UDP 6346      
    TCP 201   UDP 1948   TCP 6346-6350      
    TCP 202   TCP 2234   UDP 6346-6350      
    TCP 211   TCP 2120-2129   TCP 6999
  • Bandwidth on UDP 123 outbound is restricted. This is in line with Janet anti-DDoS measures. NTP clients should not be affected.
  • GRE VPN tunnel facilities are not available for students.
  • If you have a valid academic or work related reason for unblocking one of the above ports, you should contact Information Services and have a supporting letter from your Tutor or Head of Department.