CLEANACCESS Archives

April 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Grzeczka, Timothy J." <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Thu, 19 Apr 2007 09:29:26 -0500
When we first got a firewall we decided to start that way and only open
what we needed inbound and outbound. It can be a pain when we need to
open something new, but it does help with P2P and other such things
since most of the higher end ports they require are closed.



-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Alex Lanstein
Sent: Wednesday, April 18, 2007 4:45 PM
To: [log in to unmask]
Subject: Re: [Offtopic] Nintendo Wii

Yikes - it's not Bob Jones University per chance, is it?

Joking aside, what is the reasoning behind blocking all outbound ports
except those specifically sanctioned?

Grzeczka, Timothy J. wrote:
> We actually really hammer down on outbound ports. Many things don't work
> 24/7 off our network. Things like video game consoles and games only
> work off hours on the weekend:
>
> Fridays 5pm - Saturday 7am
> Saturday 5pm - Monday 7am
>
> We also only open outbound ports based on need.
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators
> [mailto:[log in to unmask]] On Behalf Of Cal Frye
> Sent: Wednesday, April 18, 2007 3:54 PM
> To: [log in to unmask]
> Subject: Re: [Offtopic] Nintendo Wii
>
> Grzeczka, Timothy J. wrote:
>> I have done some research on the Wii and other game systems to get them
>> to work through our firewall. It's a matter of opening specific outbound
>> ports. I found this info on Nintendo's website:
>> http://www.nintendo.com/consumer/systems/wii/en_na/onlineFirewall.jsp
>>
>> TCP: Allow traffic to all destinations on ports: 28910, 29900, 29901,
>> 29920, 80, and 443
>
> Just curious, what /outbound/ ports do you block, besides the obvious
> NetBIOS, and relatively few others?

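The policy described in this thread (default-deny outbound, with game-console ports opened only during the weekend windows) can be checked with a small evaluator. This is an added example, not part of the original messages or any firewall's own configuration; the function names are hypothetical, and treating 80 and 443 as open at all hours is an assumption the thread does not state.

```python
from datetime import datetime

DAY = 24 * 60  # minutes per day

def minute_of_week(day, hour, minute=0):
    """Minutes since Monday 00:00 (day: Monday=0 ... Sunday=6)."""
    return day * DAY + hour * 60 + minute

# Weekly windows quoted in the thread: Fri 5pm - Sat 7am, Sat 5pm - Mon 7am.
# The second window wraps past the end of the week (start > end).
GAME_WINDOWS = [
    (minute_of_week(4, 17), minute_of_week(5, 7)),
    (minute_of_week(5, 17), minute_of_week(0, 7)),
]

# TCP ports from the Nintendo list quoted in the thread.
WII_TCP_PORTS = {28910, 29900, 29901, 29920, 80, 443}

# Assumption for illustration: ports this site leaves open 24/7.
ALWAYS_OPEN_TCP = {80, 443}

def in_window(when, windows):
    """True if `when` falls inside any weekly window, including wrapped ones."""
    now = minute_of_week(when.weekday(), when.hour, when.minute)
    for start, end in windows:
        if start <= end:
            if start <= now < end:
                return True
        elif now >= start or now < end:  # window crosses Sunday midnight
            return True
    return False

def egress_allowed(port, when):
    """Default-deny outbound TCP decision for a destination port at a given time."""
    if port in ALWAYS_OPEN_TCP:
        return True
    if port in WII_TCP_PORTS and in_window(when, GAME_WINDOWS):
        return True
    return False  # anything not explicitly opened is dropped
```

The wrapped second window is the case most often mishandled in schedule logic: a plain `start <= now < end` comparison would never match it.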