The rule is "Thou Shalt Not Open ANY hole from an UNTRUSTED source (DMZ)
to a TRUSTED source (Corp. LAN)"
Ask yourself what happens if someone finds an exploit for ICA or
NetBIOS?
[EMAIL PROTECTED] wrote:
>
> Hello,
>
> I was hoping to get some quality answers from all you professionals out
> there about some ports I have been asked to open up on our firewall.
>
> We have a Watchguard Firebox II firewall connected to the Internet
> (External), the corporate LAN (Trusted) and our DMZ (Optional) which is
> locked down tight except for only the essential ports to allow the servers
> to do their job.
>
> The ports I have been asked to open are:
>
> 1494 - ICA
> 1604 - ICABrowser
> 139 - Netbios Session Service
>
> The is to allow a Citrix server in our DMZ to communicate back through to
> our corporate LAN (Trusted) to another Citrix server.
>
> Can you tell me if I'm about to open up a can of worms, or am I ok to open
> up these 3 ports?
>
> What is ICA and ICABrowser anyway? I asume its a Citrix related service?
>
> Please advise
>
> Regards
>
> Simon
>
> **********************************************************************
> If you are not the intended recipient of this e-mail and have received it
> in error, you are on notice that the e-mail and any attached files are
> confidential. Please notify us immediately by reply e-mail and then delete
> this message from your system. Please do not use, distribute, copy or
> take any action in reliance on it as to do so could be a breach
> of confidence. The sender does not accept any responsibility for any
> loss, disruption or damage to your data or computer system which may occur
> whilst using data contained in, or transmitted with, this e-mail. Thank
> you for your co-operation. If you need assistance, please contact
> Maritz Ltd - tel.: +44 (0)1628 486011 or e-mail: [EMAIL PROTECTED]
> **********************************************************************
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
