Hi,

I am currently faced with allowing a *bunch* of remote workstations (at a JV) access to license servers on our internal net. The protocol/service for checking in and out the licenses is FlexLM. The workstation that needs to check out a license initially connects to the server on a known port (i.e. 7711); however, the server sends the client a completely random port >1023 to initiate a new connection back on to continue the license check-out procedure.

Although we have quarantined and secured the internal license servers as much as possible, I am not sleeping well allowing 'tcp-high-ports' from all of these untrusted workstations (which works).

I *think* there may be a way with the FireWall-1 INSPECT language to say "allow TCP high ports" AFTER the workstation has already connected on one of the known ports... maybe with dynamic tables???

I have been reading up on INSPECT, but I have no clue where to start. Anyone out there with INSPECT experience who can let me know if a) this is possible and, better yet, b) how to do this would be very appreciated.

Many Thanks!

--Tina
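The "allow high ports only after a connection on the known port" idea from the post, modelled in Python as an added example that is not part of the original message and is not INSPECT code. The 30-second lifetime, the one-shot behaviour, the class name and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

LICENSE_PORT = 7711   # known license port, as given in the post
PINHOLE_TTL = 30.0    # assumption: seconds a high-port pinhole stays open


@dataclass
class PinholeFirewall:
    """Toy model of a dynamic table keyed on (client, server)."""
    servers: frozenset                          # internal license servers
    ttl: float = PINHOLE_TTL
    table: dict = field(default_factory=dict)   # (src, dst) -> expiry time

    def allow(self, now, src, dst, dport):
        """Decide on a new inbound TCP connection seen at time `now`."""
        if dst not in self.servers:
            return False
        key = (src, dst)
        if dport == LICENSE_PORT:
            # First leg: record the pair so one follow-up is permitted.
            self.table[key] = now + self.ttl
            return True
        if dport > 1023:
            # Second leg: valid only if the same client hit the known port
            # recently. pop() makes the entry one-shot and drops stale ones.
            expiry = self.table.pop(key, None)
            return expiry is not None and now <= expiry
        return False


def demo():
    """Run constructed sample connections through the model."""
    fw = PinholeFirewall(servers=frozenset({"10.0.0.5"}))
    events = [  # (time, src, dst, dport), all constructed
        (0, "192.0.2.10", "10.0.0.5", 40000),   # no prior 7711: drop
        (1, "192.0.2.10", "10.0.0.5", 7711),    # known port: accept
        (2, "192.0.2.10", "10.0.0.5", 40000),   # follow-up: accept
        (3, "192.0.2.10", "10.0.0.5", 40001),   # pinhole used up: drop
        (4, "192.0.2.99", "10.0.0.5", 40000),   # different client: drop
    ]
    return [fw.allow(*e) for e in events]


if __name__ == "__main__":
    print(demo())
```

In this model the pinhole still covers every high port on that server for that one client until it is used or expires; restricting it to the exact port would require reading the port number out of the server's reply.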
