Campus Firewall

Firewall Port Restrictions

  • The campus firewall is in place to protect the campus network. Therefore, not all requested ports can be opened. Remember it is a security violation to run a service on any port other than the IANA assigned port for that service.
  • When any port is opened through the campus firewall, the system operator is responsible for its integrity. The port will be blocked if the machine is considered a security risk to the campus network.
  • Insecure protocols (protocols that provide no encryption and pass traffic in clear text) are not allowed to pass through the campus firewall. Services affected include telnet, ftp, imap, and pop. Replacements for these services include ssh, scp, secure imap and secure pop.
  • Anonymous FTP is allowed. However, if you are found to be running authenticated FTP services (i.e., non-anonymous, non-encrypted), we will block the port for this service.
  • An alternative solution to connect to the campus network that does not require exceptions in the campus firewall is the campus VPN Service.
  • Services should run on standard ports. This means port 80 (for unencrypted) and port 443 (for SSL-enabled). We do allow alternate servers on 8000 or 8080 (unencrypted) and 8443 (encrypted). For SSL-encrypted sites, self-signed certificates will NOT be allowed for hosts open through the campus firewall. The certificate must be signed by a trusted Certificate Authority. To request a certificate, visit the Certificates website.
  • The SMTP port (port 25) is closed by default for all hosts. This configuration of the Texas A&M SMTP relay servers was implemented to prevent third-party email relaying. To learn more, visit the Infrastructure Services website. If you need the SMTP port opened, you must provide detailed documentation on the reasons the Texas A&M configuration is not sufficient, and your machine will be checked to verify that it is not relaying mail.
  • Effective May 21, 2013: All incoming IP Traffic is blocked by default at the campus firewall. To open a needed port, send a request to firewall@tamu.edu.  The table below shows which ports can be opened through the campus firewall.

  • Effective May 31, 2016: Incoming ICMP echo requests are blocked by default at the campus firewall. To request an exception to this rule, please email firewall@tamu.edu.

Note: Ports listed as Usually Not Opened require justification and a vulnerability scan.

| Protocol | Never Opened | Usually Not Opened | Opened After Vulnerability Scan |
|---|---|---|---|
| TCP | 135-139, 445, 1433, 1434, 12345, 7597 | 21, 23, 25, 465, 110, 143, 161-162, 3306 | Most remaining ports |
| UDP | 7-19, 69, 111, 135, 137-139, 177, 445, 520, 995-999, 1026, 1027, 1433, 1434, 1900, 2049, 4444, 8998, 27444, 28431, 31335, 31337, 32770-32789, 34555 | 161, 162, 514 | Most remaining ports |

All Remaining Protocols: All openings must be approved by the CISO.
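
A pre-request check a system operator could run before emailing firewall@tamu.edu, as an added example that is not part of the original page: it classifies a host's listening sockets against the port table above. It assumes `ss -tuln` style input and takes the Never Opened / Usually Not Opened split at the point where each port list restarts; the function names and the sample are constructed.

```python
# Port lists transcribed from the page's table, in the page's order (column split is an assumption).
def _ranges(spec):
    """Parse '135-139 445' into [(135, 139), (445, 445)]."""
    out = []
    for tok in spec.split():
        lo, _, hi = tok.partition("-")
        out.append((int(lo), int(hi or lo)))
    return out

NEVER = {"tcp": _ranges("135-139 445 1433 1434 12345 7597"),
         "udp": _ranges("7-19 69 111 135 137-139 177 445 520 995-999 1026 1027 "
                        "1433 1434 1900 2049 4444 8998 27444 28431 31335 31337 "
                        "32770-32789 34555")}
USUALLY_NOT = {"tcp": _ranges("21 23 25 465 110 143 161-162 3306"),
               "udp": _ranges("161 162 514")}

def classify(proto, port):
    """Return the table column a (protocol, port) pair falls under."""
    if proto not in NEVER:
        return "CISO approval"  # the table's "All Remaining Protocols" row
    for verdict, table in (("never opened", NEVER),
                           ("justification + scan", USUALLY_NOT)):
        if any(lo <= port <= hi for lo, hi in table[proto]):
            return verdict
    return "opened after scan"

def audit(ss_output):
    """Classify every non-loopback listener in `ss -tuln` text."""
    findings = []
    for line in ss_output.strip().splitlines()[1:]:  # skip the header row
        fields = line.split()
        proto, local = fields[0], fields[4]
        host, port = local.rsplit(":", 1)
        if host.startswith("127.") or host == "[::1]":
            continue  # loopback-only: never reachable through the firewall
        findings.append((proto, int(port), classify(proto, int(port))))
    return findings

# Constructed sample, not captured from a real host.
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    [::]:443           [::]:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
"""
if __name__ == "__main__":
    for proto, port, verdict in audit(SAMPLE):
        print(f"{proto}/{port}: {verdict}")
```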