CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.

When ports or protocols are blocked from the Leidos VPN pools or another source into the target AWS systems (DEVINT), use the following steps to edit or update a request.

Step-by-step guide

  1. Go to Leidos Prism and find the SIARRA link in the page footer. You'll need to select the link under the category "IT Systems". https://apps.prism.leidos.com/security/it/siarra/siarra_form.asp
  2. Select "Edit an existing Draft" and select the completed request "12297"
  3. On the form, you MUST enter the revision information in the field provided. Start the field with a revision date. 

    Example Revision Information

    09/11/2019

    SRC: vpn-pools

    DEST: gsmd-ag9-web1 10.101.136.5

    PORT: 8443

    Service: HTTPS, SOAP

  4. After entering the revision information, expand the "5.0 Server Information" section of the SIARRA form. Enter values for each of the columns. Use IP addresses when known and static. An exception to this is when you want to enter the vpn-pools as the source or destination. You may also use CIDR addressing to cover a range of IP addresses when appropriate.

    Server Information

    source ip: 10.101.136.0/24 (this covers all IP addresses in the DEVINT subnet, but you should usually provide only specific servers)

    destination ip: 10.224.34.10 (example... corporate LDAP server)

    hostname: ldap-corpdev.leidos.com

    port: 389

    service: LDAP

    direction: IN

    protocol: TCP


    VPN Revision Example

    source ip: vpn-pools (this covers all VPN IP addresses which is the source IP for Leidos laptops and developer workstations)

    destination ip: 10.101.136.5 (example... devint web1 server)

    hostname: gsmd-ag9-web1.dcs.leidos.com

    port: 8443, 8444, 8445, 8446

    service: HTTPS, SOAP

    direction: IN

    protocol: TCP

  5. If you are unsure of the service name, look it up in the Palo Alto Networks application ID search. Providing only "HTTPS" is not sufficient, because other applications running over HTTPS, such as SOAP, are blocked by default. https://applipedia.paloaltonetworks.com/
  6. Press Submit, which starts the approval process.
  7. Once all approvals are complete, a CIO Central incident ticket is opened automatically to implement the firewall change. You'll be notified to test the change when it is complete.
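
A pre-submission check for the Server Information rows, as an added example that is not part of the original guide or of any SIARRA tooling: it parses a row written in the `field: value` layout shown in step 4 and flags the problems steps 4 and 5 call out. The function names and the error/warn wording are assumptions made for this example.

```python
import ipaddress
import re

FIELDS = ("source ip", "destination ip", "hostname", "port",
          "service", "direction", "protocol")

# Constructed sample: the "VPN Revision Example" row from the guide.
SAMPLE_ROW = """\
source ip: vpn-pools (this covers all VPN IP addresses)
destination ip: 10.101.136.5 (example... devint web1 server)
hostname: gsmd-ag9-web1.dcs.leidos.com
port: 8443, 8444, 8445, 8446
service: HTTPS, SOAP
direction: IN
protocol: TCP
"""

def parse_row(text):
    """Parse 'field: value (note)' lines into a dict, dropping the notes."""
    row = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            row[key.strip().lower()] = re.sub(r"\(.*\)", "", value).strip()
    return row

def check_row(row):
    """Return findings for one row; an empty list means nothing to fix."""
    findings = [f"error: {f} is missing" for f in FIELDS if not row.get(f)]
    for field in ("source ip", "destination ip"):
        value = row.get(field, "")
        if not value or value == "vpn-pools":  # named pool is the one exception
            continue
        try:
            net = ipaddress.ip_network(value, strict=True)
        except ValueError:
            findings.append(f"error: {field} {value!r} is not an IP or CIDR block")
            continue
        if net.num_addresses > 1:
            findings.append(f"warn: {field} {value} is a range; prefer specific servers")
    for port in filter(None, (p.strip() for p in row.get("port", "").split(","))):
        if not (port.isdigit() and 1 <= int(port) <= 65535):
            findings.append(f"error: port {port!r} is not in 1-65535")
    services = {s.strip().upper() for s in row.get("service", "").split(",")} - {""}
    if services == {"HTTPS"}:
        findings.append("warn: service lists only HTTPS; name the application it carries")
    return findings

if __name__ == "__main__":
    for finding in check_row(parse_row(SAMPLE_ROW)) or ["ok"]:
        print(finding)
```

A `warn` finding marks something to confirm before submitting, such as a CIDR range that could be narrowed to specific servers; an `error` finding marks a value to correct.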

 

IMPORTANT: Only one DER (SIARRA) revision may be open at a time. If a revision is not through the entire approval cycle and closed, you will not see your DER/SIARRA in the "Edit an existing draft" list on the DER/SIARRA form.

IMPORTANT: Please refrain from opening multiple DER/SIARRA requests. Use your original DER/SIARRA unless circumstances prevent it. Having multiple open DER/SIARRAs for our project or an environment will only confuse the Leidos CIO support staff and our own program personnel.