FIREWALL: How Do I Become an Firewall Administrator?

This document describes the process for becoming an Cisco Firewall (firewall context "fc-*") administrator.

Background Info

Access to the Campus Firewall service contexts is handled by an automated process that relies on information in the WiscNIC database. In addition to contact information for all network administrators on campus, there are /32 subnet records (a /32 is a subnet containing only one IP address) for each Firewall context on campus. To administer an Firewall  context you must first add your contact information to WiscNIC, then you must be added to the appropriate subnet record as a technical contact.

Briefly, the procedure is as follows:

  • The user takes the DoIT Firewall training class. This class is currently an online tutorial that must be completed by the user.
  • The user adds himself or herself to the WiscNIC database using the WiscnicUpdate tool. Be sure to enter the date of your FWSM training.
  • The user requests (see below) to be added to the /32 subnet record(s) for the FWSM context(s) they wish to administer.
  • Some behind-the-scenes magic is worked to grant the proper permissions. You will be granted access to the firewall login links in the MyFirewalls tool as well as login access to the Firewall context itself.

    Making the Request

    IMPORTANT: Make sure you have added yourself the the WiscNIC database prior to making the request to be added as a technical contact.

    There are two ways you can request to be added to the WiscNIC database as an Firewall administrator. We present them in order of preference:

    1) Request that the administrator of the subnet controlled by the Firewall add you as a technical contact to the /32 record in WiscNIC.

    Each subnet in WiscNIC has a designated "administrative contact". That person has the ability to use the WiscnicUpdate tool to add other users as technical contacts to their subnets. If you know who the appropriate administrative contact is for the subnet in question, they can add you.

    2) Send a request to the NOC.

    If you do not know the administrative contact for the subnet in question, you can send a request to noc@doit.wisc.edu with the following information:

  • Your name and netid.
  • The date you completed the Firewall training.
  • The subnets, Firewall context number, and any other relevant information for the Firewall context you are going to be administering.

    Example (you may not have all this information, but it is included to be complete): 

    NOC,

My name is John Doe (netid 'jdoe1').  I work with Jane Smith who is the network administrator for Veterinary Medicine (AHABS).  
I just completed the FWSM training on 8/8/08 and I need to be granted access to the FWSM context for VetMed (AHABS) 
for VLANs 1171 (Inside) and 771 (Outside).  I believe this is context fx-113 and is in the 144.92.10.0/25 subnet.

Please add me to the appropriate /32 subnet in WiscNIC as a technical contact.

Thanks!

John Doe