Got a WatchGuard SOHO setup behind a completely open Verizon router. Everything in the SOHO list is "denied" in incoming except for a few specific services we need: TCP and UDP on one port in the 10000 range, plus IPsec. If I go to the ShieldsUP! site and do a scan, the only port that comes up "closed" instead of stealthed is port 53 for DNS.
Now, I have DNS set up on our Win2k server, and DNS open on the WatchGuard. If I close it off on the WatchGuard, will I still be able to fully utilize DNS for my internal network?
Also, any good advice on hardening the firewall more? Like creating special services to close down unused ports?
We don't have anything special going on here, not even Exchange. Just HTTP and some VPN connections.
Thanks,
jt