Just curious on your guys' opinions about port security. Had this discussion at work about opening up new ports for someone to use citrix web client to connect to their school. The schools site says it needs 80 and shit i dunno 1493 or something two ways tcp. Now im wondering if it really requires two way implicit or if its just allow it outbound and then our firewall will allow the appropriate return inbound packets, or if it actually needs to be able to recieve on those ports without first making a outbound connection. However the latter sounds unlikely to me. Now this has got me thinking on what real best practices are these days? Does tunneling make a mess of the traditional style of port security or is it still just as relevant?