CS Department Firewall Overview

CS Department Firewall

The CS Department runs a firewall to protect internal hosts from unwanted external network traffic. Due to the nature of firewalls, this can sometimes cause problems for applications or services that reside behind the firewall. If you are experiencing a problem that you believe is caused by the firewall, please contact CS Staff so we can work with you to find a solution. By default, we block incoming traffic on all network ports from outside the department into the network subnets where we place personal workstations. Because of this, ping and other network applications that try to contact a host behind the firewall from outside the department will not work.

Because of this setup, we also employ a second technology known as “Split DNS”. To be brief, the DNS zone 'cs.vassar.edu' contains different records for internal and external hosts. When querying the zone from inside the department, you'll find it contains each and every host registered with us.

We do our best to make sure that the firewall does not disrupt computing within the department. Sometimes people may request that a port be opened on the firewall to allow a particular application to work. In most cases, the answer to this request is “no”; however, where there is a legitimate research or academic need, and no alternative solution exists, we will do our best to accommodate the request. Beware, though, that the usual method for allowing such things is to move the target host outside the department firewall. This means that the host will be much more exposed to attack from the internet, and will also not have access to many of the services available inside the firewall.

  • Used with express permission from Princeton CS