#We will have remote users connecting via frame relay to a peering point outside our #firewall. They want to authenticate onto our domain to use network resources and MS #Exchange mail. From the start, Netbios would have to be allowed through the firewall. Is #this an issue since this is frame-relay and not the Internet? You should only need TCP ports 135 and 139 as well as UDP ports 137 and 138. First of all, these frame relay sites should be on a dmz and not on the external side of the firewall. What you are opening yourself up to depends upon the security of those remote sites. If they do not have an Internet connection, it is less risky than if they do. If they do have an Internet connection you may want some gaurantees about how they secure that connection. I would try to use some sort of strong authentication like SecurID or SafeWord and I would also place some intrusion detection device on the dmz the frame relay conection is on. If they do have an Internet connection you might want to look at a VPN instead as it would be a lot cheaper. Regards, Jeffery Gieser - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
