Nope - I proxy SSL through my squid box. Of course, I don't actually inspect the traffic, but I do log the URLs. It stops potential zombies that don't understand/respect IE or FF proxy settings.
On Tue, Sep 28, 2010 at 17:13, James Hill <james.h...@superamart.com.au> wrote: > 443? Isn't that the port to connect to your external proxy server so you can > bypass any internal filtering? :) > > Unless of course the internal filtering has good https inspection. Not many > do though. > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Wednesday, 29 September 2010 4:03 AM > To: NT System Admin Issues > Subject: Re: Outbound firewall ports > > Ports 21, 80 and 443, and only for the proxy server. I have ssh open outbound > to specific customer sites that we support . > > I was forced to open 544 (rtsp) recently for a live video event, but did that > for a single IP address so that the machine showing the event in the > lunchroom could get to it. > > I allow DNS outbound only for our DNS servers, and NTP for our NTP servers. > > That covers most of it. > > On Tue, Sep 28, 2010 at 10:55, Tom Miller <tmil...@hnncsb.org> wrote: >> Folks, >> >> Anyone have a list of the protocols/ports they allow outside their >> firewalls? I am locking down our firewall outbound traffic to certain >> ports and am looking for other "standard" items I may be missing. >> >> Thanks >> Tom >> >> Confidentiality Notice: This e-mail message, including attachments, is >> for the sole use of the intended recipient(s) and may contain >> confidential and privileged information. Any unauthorized review, use, >> disclosure, or distribution is prohibited. If you are not the intended >> recipient, please contact the sender by reply e-mail and destroy all >> copies of the original message. >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
