Hi Max, Well, I don�t understand very what is your problem, but I think that If you need open a specific ports in the FW1-A, I recommend to open ports matching with the IP address of the specific client A. See you later. Javier. Max Ho wrote: > This question was asked sometime ago by somebody else but got only one > response from the list. I am posting the question again in hopes of a > second and perhaps a third or fourth opinion. The scenario is as > follows; Users behind FW1-A were told to use Secure Remote to connect to > FW1-B which belongs to another organization. Folks at FW1-B are asking > that ports TCP 256, TCP 259, UDP 256, 137, 138, 139 on FW1-A to be > opened for the users behind A to get to B. > > Questions; > 1. Is it possible to compromise the network security behind FW-A using > the VPN connection established between the users' clients and FW1-B? > That is, can machines behind FW1-B get into the network behind FW1-A > with this arrangement? > 2. Why is it necessary to open ports 256, UDP 259, 137, 138, 139? What > risks are involved with these ports opened? > > Any opinion from experts on this list is much appreciated. > > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
