Skip to main content
Document Status: Operational
Last Updated: July 2026
Provider: OneFirewall Alliance
Client: ClientX

1. Document Objective

The purpose of this Operational Playbook is to define the guidelines, emergency procedures, and interaction methods between the ClientX IT team and the OneFirewall Alliance support centers. The application in use is a critical pillar for business continuity and security; therefore, this document is designed to:
  • Ensure Operational Continuity: Provide clear and immediate instructions to promptly mitigate or resolve any blocking service disruptions or anomalies.
  • Define Communication Channels: Establish rapid escalation paths and dedicated contact channels based on the severity of the event.
  • Align Technical Teams: Provide the ClientX team with the necessary autonomy to execute structured workarounds (emergency bypassing) while awaiting specialized intervention from OneFirewall Alliance.
This document must be considered a dynamic action guide, accessible to all technical personnel authorized to manage the infrastructure.

2. Support Channels and Contacts (24/7)

The OneFirewall Alliance support service is active 24 hours a day, 7 days a week to ensure business continuity and infrastructure security for ClientX.

Emergency Support (Service Block / Critical Incidents)

To be used exclusively in case of total service disruption, application offline, or blocking anomalies (High/Critical Severity).

Emergency Phone Number (24/7 Availability)

+44 (0) 20 3807 8020
Mandatory Email Subject Line: [EMERGENZA] [ClientX] Brief Description of the Problem

Standard Support and Requests (Non-Blocking)

To be used for configurations, minor anomalies, questions about platform usage, or profile modifications.
  • Support Email: [email protected]
  • Response Time: Within 24 hours
  • Email Subject Line: [ClientX] Brief Description of the Problem or specific request

3. Incident Severity Matrix

To optimize intervention times, reports must be classified according to the following criteria:
LevelImpactDescriptionChannel to Use
P1 - CriticalTotalThe ClientX application is isolated/offline; the OneFirewall agent is massively blocking legitimate traffic.Phone + Emergency Email
P2 - HighPartialMalfunction of a single Agent feature or significant traffic slowdowns.Emergency Email
P3 - MediumMinimalGUI anomalies on the dashboard, reporting requests, or configuration changes.Standard Email

4. Operational Procedure in Case of Disruption (Emergency Workaround)

In the event of a critical disruption (e.g., isolation of instances or application traffic block caused by a potential massive false positive), the ClientX IT team is authorized to follow this bypassing and quick recovery procedure.
ATTENTION: Completing these steps temporarily disables OneFirewall protection. Execute these actions only in coordination with OneFirewall support or in the event of absolute application unavailability.

Step 1: Cleaning Address Groups on Google Cloud Platform (GCP)

To immediately restore traffic flow at the network level and eliminate centralized IP blocks:
  1. Log in to the ClientX GCP Console using administrative credentials.
  2. Navigate to: VPC Network -> Firewall Policies (or Network Security depending on the configuration).
  3. Locate the Address Groups synchronized by OneFirewall Alliance (e.g., ofa-blocked-ips-group).
  4. Proceed to clear (empty) the IPs contained within the group, or temporarily remove the Address Group association from active firewall rules.

Step 2: Disabling the OneFirewall Agent

To prevent local machines from continuing to process rules or blocking traffic at the host level:
  1. Log in to the OneFirewall Alliance Dashboard on ClientX premises (https://IP_HOST)
  2. Navigate to Admin -> Agents:
    • Disable the Agents related to Cloud Armor for the affected GCP project.
  3. Navigate to Intelligence (IoC) -> IPv4:
    • If a specific IP is involved, under the IPv4 section, add the IP/IPs whose service accessibility is limited to the whitelist.

Step 3: Notification to OneFirewall Alliance

Immediately after executing steps 1 and 2, contact the 24/7 support via the emergency phone number to open the incident. This allows OneFirewall technicians to analyze logs, identify the root cause, and proceed with a secure restoration.