Look at the services your organisation uses, and work out whether and how you can migrate them from the PSN to the cloud.
The moving to modern network solutions guidance will help your organisation on this journey.
Ensure you are PSN compliant
You should continue with any work needed to secure and maintain your network to ensure it meets the existing security standards. Find out about PSN compliance here.
Get network resources
You can still request IP addresses and get approval to use your Domain Name System (DNS) name on PSN from the PSN team, although these will now be assessed in light of the move to adopt Technology Code of Practice across government.
You can use your own public IP addresses, but you may qualify for an allocation of IP addresses from the PSN team. Complete an IP address allocation form, making sure that you understand and agree to the terms and conditions.
The PSN team will allocate IP addresses if your request is approved.
In some cases, we have delegated blocks of our IP addresses to third parties. If you need addresses for the following purposes, you should contact the relevant organisation directly.
|Purpose of the IP addresses||Contact|
|PSN connections for HMRC||HMRC|
|PSN connections for Home Office||Home Office Technology|
|PSN connections for Police||PSN in Policing|
|UK Cloud PSN cloud services||UK Cloud|
|CSC PSN cloud services||CSC|
Nominet is the governments DNS Provider offering a secure DNS service. You should buy this DNS service through CCS and then complete the following form to request access to use the DNS Service.
Note: As of 31 March 2021 this service replaces the DNS procurement process and DNS service via the legacy GSi Convergence Framework (GCF). The GCF Service is no longer available.
Consider encrypted WAN Connectivity
You may want encryption on your network service. To do this:
- choose a supplier that offers an IPED-connected encryption service
- make sure the supplier knows which services you need access to
- make sure you understand what the timescales are for you to be able to access these services
Read the Inter-Provider Encryption Domain (IPED) service document to learn more about using encryption on PSN.
Request changes from service providers
You must make sure you have access to the PSN services you need from your new connection. The PSN team will provide new IP addresses for new customers connecting to the network. Make sure that you know all the services that youre currently accessing and contact the service owners so they can make any technical changes required to give you access.
Install the new connection and configure your environment
Your connectivity supplier will do the physical installation and configuration of the PSN connectivity service. There can be a lead time of approximately 9 weeks between ordering the circuit to installation. You also need to confirm with your supplier that they have got Government Conveyance Network (GCN) connectivity. If they dont youre unlikely to be able to access other government services on PSN.
If you have services bought through the GCF framework you need to complete and return a request for change (RFC) to our current core services provider, Vodafone. You need to complete this no later than 6 weeks before the date you want to transition. You will need your PSN IP address to complete the RFC form.
Your supplier will provide specific technical details about connecting to their network following an order. We have also set out below technical steps to follow to successfully connect to PSN.
Configure your firewall
You will need to configure your firewall to access the services you need. A typical rule set is:
|Your proxy/NAT||PSN||HTTP (TCP:80) HTTP (TCP:8080) HTTPS (TCP443)||Allow||Enable outbound access to applications within the PSN using HTTP & HTTPS|
|PSN||Your web services||HTTP (TCP:80) HTTPS (TCP:443)||Allow||Enable outbound access to applications within the PSN using HTTP & HTTPS|
|PSN||Your email servers||SMTP (TCP:25)||Allow||Enable inbound email from PSN|
|Your DNS servers||PSN DNS servers||DNS (UDP:53) DNS (TCP:53)||Allow||Allow queries to the PSN DNS servers|
|Any||Any||Any||Block||Default rule for all other traffic|
Configure your DNS servers to use Nominet
Nominet provides the primary DNS servers and resolvers for the following domains:
The IP addresses of the PSN DNS resolvers that you should configure on your DNS servers are 126.96.36.199 and 188.8.131.52, both accessible using DNS on UDP Port 53.
All gsi-family domain names (gsi.gov.uk, gse.gov.uk, gcsx.gov.uk or gsx.gov.uk) must now be replaced with a government domain like gov.uk, gov.scot, llyw.cymru or gov.wales.
Note: Network Time Protocol (NTP) service is no longer provided.
IP addresses reachable on PSN
The summary blocks of IP addresses in the table below are set aside for use on PSN, and reachable from PSN.
If you are a PS