A vendor who supplies our company with billing and accounting software has servers within our network (not the DMZ). I don't have a choice in this. I am not permitted access to their servers so I can't verify anything about them other than the address. Basically I am being told "Do this."
They have developed an application on one of the servers that mobile users will need to access. The application is accessed via HTTPS. Because 443 is already reserved for our email server (webmail) in the DMZ, they will use 8043. I have always been under the impression that poking holes in the firewall to the private network is a no-no.
How big of a deal is this? Can I do anything to minimize the danger to the rest of our network? There are many computers on the private network that must access this server internally as well, so I can't firewall it off from...