You maintain an extremely protective policy when configuring your firewall rules. Your security policy denies all inbound connection requests to your corporate network.
How is it possible that you still experience remote exploits your adversaries are using to obtain interactive sessions inside your firewall?
TCP splicing is easy to do.
Internal software may be vulnerable.
UDP vulnerabilities are well-known and exploited.
ICMP hijacking attacks can still succeed through any firewall.