> The big scary-looking range of ports (1024-65535) are outbound UDP ports,
> which is a very common requirement. A lot of firewalls allow this by
> default because it can be (sometimes incorrectly) assumed that a connection
> originating from behind the firewall going out to the internet should be
> allowed.

Are you sure??? From my experience, more than half of the danger comes from inside a network! Think of trojans, bad employees and so on. It is not a good idea to open a lot of ports. Maybe you can use the H.323 support of NetScreen?

Robert

--
http://board.protecus.de - Firewalls, Security and more ...
