Bill Marquette wrote: >> or others that could make use of mechanisms like dynamic allocation of port. > That could cause you problems potentially. But would be no different > in any other firewall that didn't already understand your protocol. I > regularly force vendors to redesign their applications to not use > dynamic ports at work, it's a stupid design and really, there's zero > reason to do it (other than sheer laziness on the developers side - or > pissy legacy reasons when it comes to FTP, which is still not a good > excuse IMO).
java RMI being one major PITA! we've developers working from home and trying to get their openvpn connections working was a massive PITA. <rant> developers being developers seem to think that security considerations can be swept aside to let them do whatever they "need" to do. </rant>
