Hello,
I have a web server on my DMZ running IIS 4.0 and MTS 2.0 with an ODBC
connection to a MS-SQL server behind our firewall. It was decided that it would
be more secure to remove MTS from the web server and put it on the DB server or
another server on the same subnet (basically remove it from the DMZ).
Now you do this on MTS by exporting the specific package you need which creates
a client install program that you run on the web server. However, I'm having a
problem with the configuration of my firewall. Now I have two rules, one letting
everything from web server to mts server and vice versa (this is in a test
environment so it's safe for now). Looking at the logs the web server makes an
initial udp connection using port 135 and then it picks a random udp high port.
Also I need the second rule even though it is using the same ports (I don't know
why the fw does not see this as a reply and let it through).
Opening udp high ports from my dmz to my internal network is not very secure.
Does anyone know how to limit the port range? Has anyone done this before?
Thanks,
Joe