There's always a battle between System Admins who want everything locked down, and Devs who want everything open. One fine day (shortly before launch of course) , our client was having their environment set up for Kentico MVC. We finally had it all going, the database copied and Kentico set up, but we were running into a weird issue. The Contact form was acting funny and not submitting on the new live environment. There was no event log errors to go off of, it just didn't work. After digging through the component source, finally we realized what the issue was: They disabled outbound internet connection, which means ReCaptcha couldn't verify the result with Google, and it was silently blowing up. The client had mentioned earlier if it was okay to block outbound traffic, it slipped my mind. Had I thought further on the implications of this, I probably wouldn't have spun my wheels for the couple hours.
Lesson learned: There is a delicate balance of securing a server, and constricting the life out of it. You should definitely weight out the risks and benefits, and be aware that if they want it locked down, you'll need to be fully aware of what firewall rules, ports, and other things you'll need for things to work properly.