My situation:
Upgrading the TCP port of an application with an installed base of thousands of users, all uncontrolled users (anonymous, individuals, or businesses) from different locations across the globe.
The application used port 2222 to pass traffic. This was cumbersome because every day people would call: "the software doesn't work!" and it had to be explained to each and every one of them to open up port 2222 for TCP traffic. This was difficult with the newbies who didn't know what a firewall was. And Windows Firewall just makes it even worse (hate that Windows Firewall).
Next we had a great idea -- let's use port 80, since everyone has port 80 open to the world. Well, this worked great, but now we have users calling in saying "it will connect but I get nothing back". This is because their firewall or ISP is acting as some form of a proxy server or is not allowing persistent socket connections. So I am given the task to figure out how AOL Instant Messenger and all these big boys are getting around firewalls. Or not so much to "get around the firewall", but how to best work with the firewall.
Do I just create two different policies:
- connect via port 80.
- if it fails, connect via 2222
Is there a better design? Has anyone encountered this and done extensive research? I can't find any documentation on how the "big boys" are handling this.
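The two-policy fallback described in the question, written out as an added example (not code from the poster's application): the key point is that a plain TCP connect is not a sufficient test, because the "connects but nothing comes back" case on port 80 passes connect() and only fails once traffic should flow, so each port is probed with a small application-level handshake before it is accepted. The handshake strings and the local test servers are constructed for this example.

```python
import socket
import threading
import time

# Constructed application-level handshake for this example (not the poster's protocol).
HELLO = b"APPHELLO/1\n"
EXPECTED = b"APPOK/1\n"


def probe(host, port, timeout=1.0):
    """True only if a full application handshake completes on host:port.
    A proxy or filtering firewall may accept the TCP connection and then
    never pass anything back, so connect() alone proves nothing."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(HELLO)
            data = b""
            while not data.endswith(b"\n"):
                chunk = s.recv(64)
                if not chunk:
                    return False  # peer closed without answering
                data += chunk
            return data == EXPECTED
    except OSError:  # refused, unreachable, or timed out (socket.timeout is an OSError)
        return False


def connect_with_fallback(host, ports, timeout=1.0):
    """Try ports in order (e.g. 80 then 2222); return the first that handshakes, else None."""
    for port in ports:
        if probe(host, port, timeout):
            return port
    return None


def serve(reply, hold=3.0):
    """Constructed local server: answers with `reply`, or when reply is None holds the
    connection silently for `hold` seconds like a proxy that accepts but forwards nothing."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def loop():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(64)  # read the client's HELLO
                if reply is None:
                    time.sleep(hold)  # silent: client should time out and fall back
                else:
                    conn.sendall(reply)

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]  # ephemeral port chosen by the OS
```

In a deployment the port list would be the real ports (80 first, then 2222), and the handshake would be the application's own first exchange.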