List: sidewinder
Subject: [Sidewinder] Cleo Lexicom EDI to DCX not working through Sidewinder
From: sidewinder () adeptech ! com
Date: 2004-05-21 14:51:11
Message-ID: 200405231505.i4NF5rn21188 () aag ! adeptech ! com
Yesterday morning we switched our WAN over to our new Sidewinder G2 6.1.0.01 firewall
(from a Symantec Enterprise Firewall 7.0.4). We have a customer on our WAN
(different subnet across a router) that uses Cleo Lexicom software on a Linux server
to do EDI with DaimlerChrysler (DCX). For some reason, this fails on the Sidewinder
G2. I verified it still works on the old firewall by changing the route for their
router back to it.
While this traffic was still on the new firewall, I watched both the audit log and
tcpdump on both firewall interfaces. What I saw in the audit log was the conn_open
via the ACL using the correct rule. Then, about 80 seconds later, I see the
conn_close, with nothing in between. In the tcpdump for the external interface
(em0), I see the three-way TCP handshake take place between the firewall (proxy rule)
and the DCX server. Then, nothing else comes from the DCX server. I continue to see
attempts by the firewall proxy to talk (via HTTPS) to the DCX server for a while
afterwards before it gives up. On the internal interface (em1), I see the three-way
handshake between DCX and the Lexicom server, and then nothing else.
As a test, I set up an IP filter rule for this traffic so I could eliminate the proxy
and packet inspection. I created a rule that allowed all TCP traffic from the
customer Lexicom server to the DCX server. The results were the same. I also tried
turning off inspection on the proxy rule, with the same results.
Right now, we're checking settings in Lexicom to see if something needs to be
changed, and the customer is calling DCX EDI support. I'm also going to open a tech
support case with Secure Computing. I was hoping someone on the list has experience
with Cleo Lexicom and DCX communications and might know exactly what's going on. Of
course, that's pretty unlikely....
Any help would be greatly appreciated.
-----------
Rod Johnson
mushin@techie.com