What would be the best practice for port restrictions on DMZ relays? We have an internal debate going on whether our firewall should allow the outbound UDP ping over 52311. The concern is “the IP address might be wrong”. My thought is… who cares! Worst case a non-corporate IP address/device gets a message it ignores. Or maybe it checks its mailbox for another root!
We’ve been using DMZ relays forever…and just added a bunch in Azure. The bottom line is that it won’t matter…Internet endpoints aren’t going to get UDP packets.
I agree, it’s highly improbable, but possible if directly connected to the internet.
For what it’s worth… I do allow…