The Challenges of a Firewall Administrator

A firewall administrator must have a good understanding of the applications and the way they work behind the scenes. Some protocols are unruly in their communication pattern and some put layer 3 and layer 4 addressing in payload which adds another twist to the problem. at last, sometimes the direction which the protocol is initiated is unclear!
When working with firewalls to provide access to services and applications the following must be considered carefully :

1. Some protocols are untruly in their communication (FTP)
   
2. Some put addressing in payload (FTP, SIP, PPTP)
   
3. Some confuse us about the direction of the communication (SNMP, SNMPTrap)

So anyone who is in complete charge of a firewall needs to know how the communication of protocols happens.
Do we need an inbound or outbound connection? (Where will the traffic be initiated?)
Is it TCP or UDP or do we need to put a protocol number?
Do we also need to handle address translation in payload?

All this brings up a great challenge to a firewall administrator which makes him to get to know applications and protocols well enough to tackle the problems.