The Firewall Exception Request service allows customers to request network access changes when their systems need to connect to a protected service, application, or environment. This process is used when traffic is blocked by default and a specific exception is needed to permit legitimate business communication.
Firewall exceptions are reviewed to help ensure connectivity needs are met without weakening security controls. Approval is based on business need, technical accuracy, and compliance with security policy.
When to Use This Service
Use this service when you need us to review and potentially allow network traffic for a specific connection, such as:
- Access from your environment to our hosted service
- Access from our environment to your hosted service
- Allow listing a public source IP address
- Opening a specific protocol for an approved integration
- Requesting a temporary exception for testing, migration, or troubleshooting
Before You Submit a Request
To avoid delays, please make sure you have the following details ready:
- Company name
- Requestor name and email address
- Public source IP address or IP addresses to be allow listed include Fully Qualified Domain Name (FQDN) if available
- Destination hostname, URL, or IP address
- Application protocol, such as HTTP or SSH, if special need the required port or ports
- Network protocol, such as TCP or UDP
- Environment, such as Production, Test, or Development
- Business case with justification for the request
- Requested start date
- Requested end date
Service Description
This service reviews customer-submitted firewall exception requests and, when approved, implements a targeted network rule change to allow only the required traffic.
The service is intended for specific, controlled access needs. It is not meant for broad or unrestricted access. Whenever possible, access is limited by source IP, destination, port, protocol, and duration.
Typical examples include:
- Allowing a customer’s static public IP to reach an API endpoint over TCP 443
- Permitting connectivity for a scheduled data exchange between systems
- Creating a temporary exception for partner testing during implementation
Requirements
For security reasons, requests should meet the following requirements:
- Static public IP addresses are required
- Requested access must be limited to the minimum necessary scope
- A valid business reason must be provided
- Exceptions are maximum for one year and subject to renewal
- All requests are subject to security review and approval
Limitations
This only applies to the campus border firewall. Services connecting into the data center or other secure network zones may require you to coordinate with System Infrastructure.
We may not be able to approve requests that include:
- Dynamic or frequently changing IP addresses
- Large IP ranges without documented justification
- Open-ended permanent access
- Incomplete or inaccurate technical details
- Requests that conflict with security policy
Submission of a request does not guarantee approval.
How to Request a Firewall Exception
Please submit the firewall exception form.
Example Request
Source IP: api.example.com
Destination: service.mst.edu
Protocol: HTTPS
Environment: Production
Business Reason: Inbound integration from vendor ERP to hosted API
Duration: May 1, 2026 through May 31, 2026
Review and Fulfillment
Once submitted, the request will be reviewed by the appropriate support or security team. Requests may be delayed if required information is missing. Approved changes are typically implemented according to standard change and security procedures.
Related Notes
- Use the most specific IP or FQDN and protocol information possible
- Temporary access is preferred over permanent access
- Incomplete requests may require follow-up before review can begin
- May require additional monitoring and security tools