Medium

Purpose

To address and organize both private internal IP addressing and public addressing.

To enable internal private IP space to access external resources, and external IP space to access internal private resources.

Standard

  1. All NAT'ing within STAGEnet private 10.0.0.0/8 space must be performed by NDIT, per the specifications of the NAT standard.  Individual entities are NOT permitted to NAT within STAGEnet, as it may break numerous components and design elements.  All endpoints within STAGEnet are to utilize private IPv4 addresses.  Endpoints requiring connectivity originating from public IP space require NAT'ing at the network layer.
  2. NAT'ing may be required for connectivity to vendors.  NAT for this use-case should reside on the terminating STAGEnet IPsec device.
  3. All Data Center NAT'ing will centrally take place within the Data Center external/internet facing boundary appliance/firewall.
  4. All other NAT'ing will centrally take place on the STAGEnet external/internet facing boundary appliance/firewall.
  5. All NAT'ing addresses will be entered into the centralized IPAM solution.
  6. Approved Vendor(s):
    • Infoblox - DNS/DHCP/IPAM
    • Palo Alto Networks - L7 Firewall
    • Juniper Networks - L3/4 Firewall (SRX)

Scope

This standard applies to all STAGEnet entities, excluding all higher education institutions, i.e. campuses and agricultural and research centers, and veterans home.

Statement of Commitment

North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).

Non-Compliance

Non-compliance with this standard shall be reported to the Office of the State Auditor.


Revision Number: 1
Revision Date: 2021-04-01
Effective Date: 2021-04-01
Last Reviewed: 2021-04-01
Number: POL0020017