little help - ports to let through LAN firewall?
#1
I'm setting up a new firewall appliance this weekend and am just making a note of the typical ports I'll need to open up for the network:
HTTP, 80
RDP, 3389
POP3, 110
SMTP, 25
VNC
PING
FTP, 21
DNS, 53, UDP
HTTPS, 443
Anything else?
Last edited by spectrum48k; 24 October 2007 at 03:28 PM.
#6
supports Stateful packet inspection, etc...
Why would FTP be an "****"? Can you enlighten me, as I'm a newbie with this stuff - do you mean from a port forwarding point of view over NAT?
Last edited by spectrum48k; 24 October 2007 at 03:30 PM.
#8
Scooby Regular
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
Yes, what big ***** said.
My Cisco 877W copes with it fine but my old Draytek 2600 wouldn't, limiting outgoing ports. With no outgoing ports limited it will be fine.
As an example, the Nero website: a download via FTP makes a port 21 connection and a connection on a random port above 1024; with everything blocked except certain ports, this causes problems.
IIRC the 3300 has an FTP inspect feature but I didn't see that on the 2930.
I'd also be wary of allowing VNC out as well, especially if it's unencrypted (as VNC can be). RDP is encrypted but users can share their drives; this could introduce a virus onto the network. From a security dude's point of view.
#9
There's only 1 VNC connection, where a trusted remote client will be using it to remotely VPN into a workstation.
As for RDP, there's only me who'll use it to administer the workstations behind the firewall and I trust my Kaspersky to keep me clear of viri!
I'll check out the FTP issue.
Last edited by spectrum48k; 24 October 2007 at 05:31 PM.
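The FTP behaviour described in post #8, as an added example that is not part of any post in this thread: it parses the server's passive-mode replies to find the data port the client must connect out to, then checks each outbound connection against a port allow-list like the one in post #1. This is the same parsing an FTP inspect feature has to do before it can open the data port. The IP address, the sample replies and the function names are constructed for illustration.

```python
import re

# Constructed sample: the outbound TCP ports from the list in post #1.
ALLOWED_OUT_TCP = {21, 25, 80, 110, 443, 3389}

PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_ip):
    """Return (ip, port) for the data connection named in a 227/229 reply, else None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in 227 reply")
        h1, h2, h3, h4, p1, p2 = nums
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = EPSV_RE.match(reply)
    if m:
        # EPSV carries only a port; the address is the control connection's peer.
        return control_ip, int(m.group(2))
    return None


def egress_verdicts(control_ip, control_lines, allowed=ALLOWED_OUT_TCP):
    """List (ip, port, 'allow'|'block') for every outbound TCP connection in the session."""
    conns = [(control_ip, 21)]  # the control connection itself
    for line in control_lines:
        ep = data_endpoint(line, control_ip)
        if ep:
            conns.append(ep)
    return [(ip, port, "allow" if port in allowed else "block") for ip, port in conns]


# Constructed server replies from a passive-mode download (documentation IP range).
SESSION = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||50123|)",
]

if __name__ == "__main__":
    for ip, port, verdict in egress_verdicts("192.0.2.10", SESSION):
        print(f"{ip}:{port} -> {verdict}")
```

The control connection on port 21 is allowed, while both data connections land on high ports outside the allow-list and are blocked, which is the failure post #8 describes.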