lefcakis
Contributor

View 4.6 and Wyse P20 WAN connection

Our corp. network only allows 443 and 80 to the outside. Is there any way to get a Wyse P20 to connect using only 443 to the Security Server?

From what I can figure out, the answer is no.

Which leads me to my next question. What is the point of the Security Server? I can just open firewall ports to my connection server (if I wanted to do that). Seems to me that it would be better to allow 443 from the world to the security server, and then the security server can proxy to the connection server and the desktops...

I thought this was the idea of 4.6?

Having any port other than HTTPS to the outside is not a secure network...

0 Kudos
5 Replies
Mickelonis
Contributor

I am also interested in the answer to this question....

0 Kudos
lefcakis
Contributor

Well, I did some digging and it turns out that you need to have 4172 open to the world. It is AES 128 encrypted, but nevertheless, it is a port other than 443/80 open.

I would suspect this is going to be a problem for most major corporations.

0 Kudos
Linjo
Leadership

I think this is an interesting question since I do not understand why one port would be more secure than another?

What makes 80/443 more secure than 4172? I am sure you have many other ports open as well for DNS etc..

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".
0 Kudos
lefcakis
Contributor

Well, that's a good point. But I think our security folks here are looking at it from a footprint. We have almost zero exposure to the outside networks.

0 Kudos
Linjo
Leadership

I have heard the same thing from some of my customers so I guess it's not uncommon.

But what I do not understand is the reasoning of the security-folks, if you want to be 100% secure then they should hide and lock away the servers somewhere and not let anyone or anything access them..

From my point of view (no pun intended) this is all about risk vs usability.

I have a feeling that these guys think it's their job to say no to everything they do not have any knowledge about.

Had a similar discussion the other day with a guy who would not let in UDP through his firewall "cause it was not secure enough", that worked a few minutes until I asked if they are allowing DNS traffic through the fw...

I think you have some lazy security-folks who should wake up and try to keep up with the industry.

// Linjo

0 Kudos