> ## Documentation Index
> Fetch the complete documentation index at: https://docs.onefirewall.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Operational Playbook & Incident Management

> Guidelines, emergency procedures, and interaction methods between the ClientX IT team and OneFirewall Alliance support centers.

<Note>
  **Document Status:** Operational\
  **Last Updated:** July 2026\
  **Provider:** OneFirewall Alliance\
  **Client:** ClientX
</Note>

***

## 1. Document Objective

The purpose of this Operational Playbook is to define the guidelines, emergency procedures, and interaction methods between the **ClientX IT team** and the **OneFirewall Alliance support centers**.

The application in use is a critical pillar for business continuity and security; therefore, this document is designed to:

* **Ensure Operational Continuity:** Provide clear and immediate instructions to promptly mitigate or resolve any blocking service disruptions or anomalies.
* **Define Communication Channels:** Establish rapid escalation paths and dedicated contact channels based on the severity of the event.
* **Align Technical Teams:** Provide the ClientX team with the necessary autonomy to execute structured workarounds (emergency bypassing) while awaiting specialized intervention from OneFirewall Alliance.

> This document must be considered a dynamic action guide, accessible to all technical personnel authorized to manage the infrastructure.

***

## 2. Support Channels and Contacts (24/7)

The OneFirewall Alliance support service is active **24 hours a day, 7 days a week** to ensure business continuity and infrastructure security for ClientX.

### Emergency Support (Service Block / Critical Incidents)

*To be used exclusively in case of total service disruption, application offline, or blocking anomalies (High/Critical Severity).*

<CardGroup cols={1}>
  <Card title="Emergency Phone Number (24/7 Availability)" icon="phone">
    **+44 (0) 20 3807 8020**
  </Card>

  <Card title="Escalation Emails" icon="envelope">
    * `support@onefirewall.com`
    * `solution-architects@onefirewall.com`
  </Card>
</CardGroup>

<Warning>
  **Mandatory Email Subject Line:** `[EMERGENZA] [ClientX] Brief Description of the Problem`
</Warning>

### Standard Support and Requests (Non-Blocking)

*To be used for configurations, minor anomalies, questions about platform usage, or profile modifications.*

* **Support Email:** `support@onefirewall.com`
* **Response Time:** Within 24 hours
* **Email Subject Line:** `[ClientX] Brief Description of the Problem or specific request`

***

## 3. Incident Severity Matrix

To optimize intervention times, reports must be classified according to the following criteria:

| Level             | Impact      | Description                                                                                                  | Channel to Use          |
| :---------------- | :---------- | :----------------------------------------------------------------------------------------------------------- | :---------------------- |
| **P1 - Critical** | **Total**   | The ClientX application is isolated/offline; the OneFirewall agent is massively blocking legitimate traffic. | Phone + Emergency Email |
| **P2 - High**     | **Partial** | Malfunction of a single Agent feature or significant traffic slowdowns.                                      | Emergency Email         |
| **P3 - Medium**   | **Minimal** | GUI anomalies on the dashboard, reporting requests, or configuration changes.                                | Standard Email          |

***

## 4. Operational Procedure in Case of Disruption (Emergency Workaround)

In the event of a critical disruption (e.g., isolation of instances or application traffic block caused by a potential massive false positive), the ClientX IT team is authorized to follow this bypassing and quick recovery procedure.

<Warning>
  **ATTENTION:** Completing these steps temporarily disables OneFirewall protection. Execute these actions **only** in coordination with OneFirewall support or in the event of absolute application unavailability.
</Warning>

### Step 1: Cleaning Address Groups on Google Cloud Platform (GCP)

*To immediately restore traffic flow at the network level and eliminate centralized IP blocks:*

1. Log in to the **ClientX GCP Console** using administrative credentials.
2. Navigate to: `VPC Network` -> `Firewall Policies` (or `Network Security` depending on the configuration).
3. Locate the Address Groups synchronized by OneFirewall Alliance (e.g., `ofa-blocked-ips-group`).
4. Proceed to clear (empty) the IPs contained within the group, or temporarily remove the Address Group association from active firewall rules.

### Step 2: Disabling the OneFirewall Agent

*To prevent local machines from continuing to process rules or blocking traffic at the host level:*

1. Log in to the **OneFirewall Alliance Dashboard** on ClientX premises (`https://IP_HOST`)
2. Navigate to `Admin` -> `Agents`:
   * Disable the Agents related to **Cloud Armor** for the affected GCP project.
3. Navigate to `Intelligence (IoC)` -> `IPv4`:
   * If a specific IP is involved, under the IPv4 section, add the IP/IPs whose service accessibility is limited to the **whitelist**.

### Step 3: Notification to OneFirewall Alliance

Immediately after executing steps 1 and 2, contact the 24/7 support via the emergency phone number to open the incident. This allows OneFirewall technicians to analyze logs, identify the root cause, and proceed with a secure restoration.
