[EAP56]

Hi, if I am not mistaken there are only two strategies that can be incoporated in the setup of the classic firewall rules. They are;

- Block specific ports and allow all others
- Allow specific ports and block all others

I attempted to use the "Allow specific ports and block all others" strategy. Basically, I would monitor the traffic that a PC is recieving or sending and create rules that would allow only the traffic that I saw appropriate. What I have noticed is that there are applications that require to use random ports from 1024 to 65534. One such example is a remote control software that we use. All PC's have this software and therefore all PC's need to be able to communicate on all those ports. This almost negates the firewall.

What strategies have you incorporated for your firewall rules?

Thanks.