Minimum Ports open in a personal firewall


comp.security.firewalls archive

From: <richardsw@gmail.com>
Date: Sat Jul 30 2005 - 21:33:14 CEST

I use Sygate at my firm, and use auto-location switching. When users
are inside the network (and on the domain), they have just about
everything open (with IDS still active). When they are outside of the
network, they are running the default protection.

I would really like to lock down the external profile. My original plan
was to block ALL Incoming ports, and block all Outgoing ports except
20, 21, 80, 443, and 10000 (for VPN). I think this would give them
HTTP and FTP access regardless of what network they are on, and when
they use the VPN to connect to our internal network, any other ports
that our software uses (like Outlook = 25) would be encapsulated in the
VPN tunnel without issue.

My concern now is about properly getting a DHCP assigned address, and
using DNS to resolve Internet sites. Basically the fundamental stuff
for getting on a network.

Rick
http://www.antisource.com/
Received on Thu Sep 29 19:59:52 2005
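
The check below is an added example, not part of the original post and not Sygate configuration: it models the proposed external profile as default-deny rules and reports which bootstrap flows (DHCP on UDP 67/68, DNS on UDP/TCP 53) it would drop. The Rule/Flow model, the "any" protocol on the listed ports, the VPN protocol, and the treatment of the DHCP reply as needing its own inbound rule are assumptions.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    direction: str  # "out" or "in", relative to the laptop
    proto: str      # "tcp", "udp" or "any"
    dst_port: int

class Flow(NamedTuple):
    name: str
    direction: str
    proto: str
    dst_port: int

# External profile as proposed in the post. The post lists port numbers only,
# so matching "any" protocol is an assumption of this model.
PROPOSED = [Rule("out", "any", p) for p in (20, 21, 80, 443, 10000)]

# Constructed flows a roaming laptop needs before the VPN is up. Replies to
# allowed outbound flows are assumed to be handled by state tracking and are
# not modelled. Assumption: the DHCP reply is not matched to the broadcast
# request, so under "block ALL incoming" it needs an explicit inbound rule.
REQUIRED = [
    Flow("DHCP request (client 68 -> server 67)", "out", "udp", 67),
    Flow("DHCP reply (server 67 -> client 68)", "in", "udp", 68),
    Flow("DNS query", "out", "udp", 53),
    Flow("DNS query over TCP", "out", "tcp", 53),
    Flow("HTTP", "out", "tcp", 80),
    Flow("HTTPS", "out", "tcp", 443),
    Flow("VPN (protocol assumed)", "out", "udp", 10000),
]

def permits(rule, flow):
    """True if the rule matches the flow's direction, protocol and port."""
    return (rule.direction == flow.direction
            and rule.proto in ("any", flow.proto)
            and rule.dst_port == flow.dst_port)

def blocked(rules, flows):
    """Flows that no rule permits (default deny in both directions)."""
    return [f for f in flows if not any(permits(r, f) for r in rules)]

def rules_to_add(rules, flows):
    """Narrowest extra rules (exact direction, protocol, port) for blocked flows."""
    return sorted({Rule(f.direction, f.proto, f.dst_port) for f in blocked(rules, flows)})

if __name__ == "__main__":
    for f in blocked(PROPOSED, REQUIRED):
        print("BLOCKED:", f.name)
    for r in rules_to_add(PROPOSED, REQUIRED):
        print("ADD:", r)
```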