[lug] Software demo through firewalls?

Michael D. Hirsch mdhirsch at mail.com
Fri May 24 07:12:42 MDT 2002


Shannon Johnston writes:
 > Well, as a corporate FW admin I can offer my input.
 > 
 > There are really 2 options that the corporations have in their fw rules.
 > One is that they will allow outbound traffic from their networks on any
 > port and accept the return traffic as long as it matches a stateful
 > connection.
 > The other is that they proxy all outbound connections and severely limit
 > the privileges of the employees. The proxy would filter ALL traffic,
 > most likely limit it to port 80 HTTP traffic, and then disallow certain
 > packets for violation of network useage policy.

These may be the only rational options, but that isn't to say they are
the only ones in use.  My previous company blocked all ports but 80.
I beleive they let everything out port 80.  There was no proxying.

Was this rational?  Perhaps not.  But it is what they did, and I think
it is not so uncommon.

--Michael



More information about the LUG mailing list