For IT Pros This page contains information about the "Mostly Closed + Remote Administration" campus firewall group.
The Mostly Closed + Remote Administration firewall group is designed for web or email servers, allowing access to those services without being fully exposed to the Internet. It can be too permissive for some desktop systems, and too restrictive for other types of servers.
The difference between the Mostly Closed group and this group is that this group allows users and administrators to remotely administer the computer from off campus. In this group, additional ports are allowed for remote administration and other newer services that were not originally part of Mostly Closed have been added to Mostly Closed + Remote Administration (such as Secure SMTP).
Note, in 2017 the Chief Privacy and Information Security Officer placed significant restrictions on inbound traffic for Apple Remote Desktop services. As such, the only remaining ports allowed in the +RA modifier for Apple Remote Desktop are ports 3283 and 5988. Port 3283 is scheduled to be removed on July 18, 2019. Other ports in the +RA modifier can be found here port list.
Like the Mostly Closed group, HTTP, HTTPS, IMAP, secure IMAP, POP3, secure POP, FTP, SFTP, SMTP, and H.323 are allowed. (A specific port list is available.)
Assuming that a machine uses the standard ports for its services, placement in this group means that users from outside the firewall will be allowed to initiate connections with encrypted and unencrypted web servers, mail servers, FTP sessions, and voice-over-IP connections on machines in this group. However, no other services will be accessible to outside users if a machine is in this group.
All (except the ports that are always blocked in both directions)