On Dec 24, 2007 5:41 AM, Paul M <[EMAIL PROTECTED]> wrote: > Bill Marquette wrote: > >> or others that could make use of mechanisms like dynamic allocation of > >> port. > > That could cause you problems potentially. But would be no different > > in any other firewall that didn't already understand your protocol. I > > regularly force vendors to redesign their applications to not use > > dynamic ports at work, it's a stupid design and really, there's zero > > reason to do it (other than sheer laziness on the developers side - or > > pissy legacy reasons when it comes to FTP, which is still not a good > > excuse IMO). > > java RMI being one major PITA!
Yup, that's one of them there bad protocols ;) > we've developers working from home and trying to get their openvpn > connections working was a massive PITA. > > <rant> > developers being developers seem to think that security considerations > can be swept aside to let them do whatever they "need" to do. > </rant> That's "users" in general. Developers just tend to be in a rush more than most users due to working on projects that are often over promised and under manned. --Bill