Firewall Top Tips

Making clear and accurate firewall requests helps LGfL process changes quickly and safely. The tips below will help your school provide the right details and avoid common delays or security issues.

1. Speak to Us

If you're unsure what’s required or the best way to approach something, please reach out to the LGfL Support Team. In many cases, other schools have requested similar changes before, so we can often action your request quickly without you needing to research specific port or detailed configuration requirements yourself.

2. Provide Additional Details

When submitting a request, you’re not limited to the standard template spreadsheet. If a supplier has provided a technical document or network specification, please include that too - it can help us process your request faster and more accurately.

3. Use Firewall & MIP Templates

On the LGfL Deployment page, you’ll find pre-built templates for many common firewall rules and MIP configurations. Click the Request a MIP or Request a Firewall Change buttons on the right-hand side to access them. Using these templates can speed up requests and reduce errors.

4. Regularly Review Your Firewall & MIP Rules

Firewall rules and MIPs that are no longer needed can introduce vulnerabilities or safeguarding risks (for example, students bypassing filtering). Regularly review your rules via the LGfL Deployment page and let us know if anything can be removed or updated.

5. Know Your Ports

Understanding which ports your services use helps ensure requests are accurate and security is maintained. Most standard services use well-known ports, so you’ll rarely need to request new ones unless you’re setting up something unusual.

Here are some of the most common outbound ports used by schools:

TCP 80 – Standard web traffic (HTTP)
TCP 443 – Secure web traffic (HTTPS)
TCP/UDP 53 – DNS lookups (domain name resolution)
TCP 25/465/587 – Email sending (SMTP)
TCP 110/995 or TCP 143/993 – Email receiving (POP3/IMAP)

If a supplier asks for a port to be opened, always check their documentation or contact LGfL Support to confirm it’s necessary and safe before raising a request.

6. Be Cautious - Restrict First

When requesting a change, it’s best to err on the side of caution by requesting the most restrictive rule possible (for example, limiting source/destination IPs or ports). We can always look at making a rule less restrictive later if needed, but starting specific helps maintain security.

7. Requests for Ports 80 and 443

Ports 80 (HTTP) and 443 (HTTPS) are open by default on the LGfL network, but traffic is filtered through SchoolProtect. If a software vendor asks for these ports to be unblocked, they usually mean a specific URL or domain needs to be allowed. Simply add that URL to your SchoolProtect allow list to grant access.

COMING SOON: Firewall MOT

LGfL will soon be launching a Firewall MOT service - a comprehensive health check of your school’s firewall configuration and security settings. This service will help identify potential vulnerabilities, outdated rules, and opportunities to improve performance and compliance.

Stay tuned for further updates and information on how your school can take part.