I haven't done this in my environment but the initial thought I had was setup a CI for External DNS/Firewall access. Create a query that looks for these request types that fall within the timeframe you require. Then setup a Scheduled Task to perform the action you require if the conditions are met.
I know it's not very specific as there are a number of ways to do the above but hopefully it helps gets you thinking of new ideas.
If you don't want to keep it open indefinitely, you could set the expiration date then have the request go into some form of a closed status. Have a windowless action on that closed status called "Send Extension Email" and have an auto email action after that which then goes into an "Awaiting Extension Confirmation". Then set up a scheduled task that will run a query to see if there are any tickets close to that expiration date and have it trigger the Send Extension Email action.
Once a ticket has been moved to that "Awaiting Extension Confirmation" status, give the requester an Extend or Don't Extend option. What I would do is set the "Extend" action up as a collection and have a date field on that form for "Extend Until". Once they have selected that I would use that date to update the Expiration Date field on the main request and send it right back to closed (which the scheduled task will pick up again if necessary).
If they were to choose "Don't Extend" then set a boolean on the main form for "Extension not Required" and just be sure to set your query to take that into account (flag is not true) and it shouldn't get picked up in the query again so the scheduled task will skip it.
Hope this makes sense. This is just my thought pattern. It takes longer to type it up to actually do it. Good luck.