Skip to main contentSkip to main navigationSkip to footer content

Firewall Inclusion Exclusion Policy

Policy Purpose

This policy defines the purpose and the parameters of the campus internet firewall’s inclusion and exclusion listings. These are also known as block and allow listings. The policy is a security standard.

Policy Statement

It shall be the policy of the University of Arkansas-Fort Smith to use the campus firewall to exclude certain web sites, ip addresses, or entire countries on the internet to protect the campus from cyber security threats. The policy also allows the campus firewall to include certain web sites or ip addresses for use with our vendors or University programs.

Applicability

This policy applies to all users accessing the campus network, whether wired or wireless. This policy also includes the public wireless.

Definitions

Exclusion or Blocked List – a list of web sites, ip addresses, or entire countries that are NOT allowed on the campus network.
Inclusion or Allowed List - a list of web sites, ip addresses, or entire countries that specifically ARE ALLOWED on the campus network.
Recommended blocked sites – this list comes from the FBI, State Department, Homeland Security, Educause Security, REN-ISAC (higher education security sharing group), AREON security, UA System security, and numerous other security vendors, security consortiums, and security groups.

Policy Procedure

Exclusions
1. The campus firewall automatically blocks sites using a feed from the Palo Alto global security operations center.
2. The IT Department imports recommended block sites into the campus firewall. See 4. Definitions.
3. 2. The IT Department reviews daily security reports from the lists above and manually blocks sites from these reports.
4. The countries of Russia, China, North Korea, Iran, or Iraq will not be exempted or allowed, with the exception of sites that require access in accordance with the University’s international partnerships or international relations.
5. Block list Requests - ITS reviews TeamDynamix tickets to see if there are any sites that need to be blocked. ITS will review the site by checking the site with malware scanning tools and reviewing block list databases to see if the site needs to be blocked.
Inclusions
6. Inclusion list requests – The IT Department reviews TeamDynamix tickets to see if there are any sites that need to be allowed. ITS will review the site by checking it with multiple web scanning. tools and reviewing block list databases to see if the site is safe enough to be allowed. If the site is not safe, the site will not be allowed.
7. For the inclusion of the countries of Russia, China, North Korea, Iran, or Iraq the following criteria will be used:
a. International exemptions will only be allowed for 2 weeks for specific web sites only and will then move back to being blocked.
8. An additional 2 weeks may be granted if requested.

Enforcement

The firewall configuration is maintained by the Information Technology Services department. No other campus users are allowed to make changes on the firewall. The firewall itself enforces the inclusion/exclusion of web sites, countries, and ip addresses.

Policy Management

This policy is managed by the IT department. The IT Director and appointed IT personnel are the primary administrators of this policy. The responsible executive is the VCFA.

Exclusions

Student housing networks are hosted by a 3rd party vendor and are excluded from the campus firewall policies.

Effective and Approved Date

This internal policy was approved by Terry Meadows – Director of IT/CIO on 1/9/2023

Last Updated

10/4/2025 Changed Service Now to TeamDynamix, and made document accessible – Terry Meadows/CIO