Nope, you only have to open the two inbound ports. Outgoing
connections are dynamic, and your firewall should allow those without
specifically creating rules for these.

It might help if you could specify where the server and the clients
are located (in relation to the firewall), and what type of firewall
you use.

Regards,
Frank

> -----Original Message-----
> From: Smith, Matthew [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 05, 1999 12:44 PM
>
> My company sells a client-server library automation application. In
> order to operate the clients behind a firewall, we require that 1
> inbound port plus one inbound port per client and 250 outbound ports
> (total) be opened at the firewall. The 2 inbound ports are for the
> logon and control connections and the outbound ports are to allow for
> up to 250 concurrent connections to the server.
>
> Now, here's the rub. We have a client who believes that the design
> is flawed. In fact his response was why even have a firewall if
> you have to open that many ports? He insists that it is impossible
> to open that many ports on his firewall and also that he cannot
> open a range of ports, only individual ones. I am no firewall
> expert, but this doesn't sound right to me. If he wants to allow
> ftp, he has to open all outbound ports above 1024, right? I would
> assume that other client-server applications also require opening
> ports - you can't communicate without them. Am I missing
> something here? Any enlightenment (or ammunition) would be greatly
> appreciated. Thanks.
>
> Matthew
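
An added example, not part of the original thread and not any firewall product's code: a toy stateful filter in Python illustrating the reply's point that outbound connections are tracked dynamically, so only the two inbound ports need static rules. The layout (clients inside, server outside), the addresses and the port numbers 5000, 5001 and 6000 are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only for the first packet of a new connection

class StatefulFilter:
    """Simplified model: real firewalls also track timeouts, TCP flags, etc."""
    def __init__(self, inside_hosts, inbound_ports):
        self.inside = set(inside_hosts)
        self.inbound_ports = set(inbound_ports)  # the only static "open" rules
        self.state = set()                       # dynamically tracked connections

    def allow(self, p):
        # Direction-independent key so replies match the original connection.
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if key in self.state:
            return True                  # belongs to a tracked connection
        if not p.syn:
            return False                 # mid-stream packet with no state: drop
        if p.src in self.inside:
            self.state.add(key)          # new outbound connection, any port
            return True
        if p.dst in self.inside and p.dport in self.inbound_ports:
            self.state.add(key)          # new inbound connection to an open port
            return True
        return False                     # unsolicited inbound: drop

def demo():
    # Constructed sample traffic; addresses and ports are assumptions.
    client, server = "10.0.0.5", "192.0.2.10"
    fw = StatefulFilter(inside_hosts={client}, inbound_ports={5000, 5001})
    r = {}
    # 250 concurrent outbound connections from ephemeral source ports.
    r["outbound"] = all(fw.allow(Packet(client, 40000 + i, server, 6000, syn=True))
                        for i in range(250))
    r["reply"] = fw.allow(Packet(server, 6000, client, 40007))
    r["inbound_open"] = fw.allow(Packet(server, 33000, client, 5000, syn=True))
    r["inbound_closed"] = fw.allow(Packet(server, 33001, client, 40007, syn=True))
    r["stray_midstream"] = fw.allow(Packet(server, 6000, client, 41000))
    r["static_rules"] = len(fw.inbound_ports)
    return r

if __name__ == "__main__":
    print(demo())
```

All 250 outbound connections and their replies pass with only two static inbound rules configured, while unsolicited inbound traffic to the same ephemeral ports is dropped.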