[fw-wiz] EDI (AS2) Configuration

WarrenPaul_at_russellcorp.com
Date: 10/26/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 26 Oct 2005 15:44:24 -0500
    
    

    We're researching several different EDI systems and are currently gathering
    infrastructure information from the vendors. One area of concern that has
    come up is the component placement within the various firewall security
    zones (Internal/External/DMZ). Some vendors have an AS2 "listener" within
    the DMZ that receives AS2 communications from the trading partners,
    validates the data, and forwards it on to the application servers within the
    internal network. Other vendors recommend allowing the trading partners to
    communicate directly with the application servers on the internal network.
    They claim that there is enough security in the application to prevent abuse
    of the server/network.

    I see three possible configurations -

    1) Systems with AS2 communications via a "listener" in the DMZ
    2) Systems with AS2 communications via a reverse http proxy in the DMZ
    3) Systems with AS2 communications directly to internal servers

    I suppose I prefer them in the above order. Several vendors are pretty
    insistent that #3 is "good enough" because of their "excellent software" -
    I'm inclined to compromise with #2 instead.

    I'd appreciate any info anyone can offer on implementing this type of app
    (AS2-based EDI). Do I have these configurations ranked appropriately (from
    a network security perspective)? Are there configurations I'm not
    considering? Is it fair to say that configuration #3 is a "worst-case"
    scenario (from a network security perspective)?

    Any constructive comments are welcomed and appreciated!

    - Paul
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
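
Added example, not part of the original message or of any vendor's product: the header-level checks a DMZ "listener" (configuration 1 above) could apply to an inbound AS2 request before anything is forwarded to the internal network. The partner IDs, source networks, size ceiling and the function name `screen_as2_request` are constructed for illustration; S/MIME signature verification and decryption are assumed to happen in a later step.

```python
import ipaddress

# Constructed sample values: local AS2 ID, partner IDs and source networks.
LOCAL_AS2_ID = "EXAMPLECORP"
PARTNERS = {
    "PARTNER-A": [ipaddress.ip_network("192.0.2.0/28")],
    "PARTNER-B": [ipaddress.ip_network("198.51.100.16/29")],
}
REQUIRED = ("as2-version", "as2-from", "as2-to", "message-id", "content-type")
# Only signed or encrypted S/MIME bodies are passed inward.
SECURED_TYPES = ("multipart/signed", "application/pkcs7-mime")
MAX_BODY = 50 * 1024 * 1024  # assumed size ceiling for one EDI interchange


def screen_as2_request(method, headers, body_len, source_ip):
    """Return (forward, reason). forward is True only if every check passes."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if method != "POST":
        return False, "method not POST"
    missing = [name for name in REQUIRED if not h.get(name)]
    if missing:
        return False, "missing header: " + ", ".join(missing)
    if h["as2-to"].strip('"') != LOCAL_AS2_ID:
        return False, "AS2-To is not our identifier"
    networks = PARTNERS.get(h["as2-from"].strip('"'))
    if networks is None:
        return False, "unknown trading partner"
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(addr in net for net in networks):
        return False, "source address not registered for partner"
    media_type = h["content-type"].split(";", 1)[0].strip().lower()
    if media_type not in SECURED_TYPES:
        return False, "body is neither signed nor encrypted"
    if body_len <= 0 or body_len > MAX_BODY:
        return False, "body length out of range"
    return True, "forward to internal application server"


# Constructed request headers for a quick run.
SAMPLE = {"AS2-Version": "1.1", "AS2-From": "PARTNER-A", "AS2-To": "EXAMPLECORP",
          "Message-ID": "<constructed-1@partner-a.example>",
          "Content-Type": "application/pkcs7-mime; smime-type=enveloped-data"}

if __name__ == "__main__":
    print(screen_as2_request("POST", SAMPLE, 2048, "192.0.2.5"))
    print(screen_as2_request("POST", SAMPLE, 2048, "203.0.113.9"))
```

With a listener like this in the DMZ, a request that fails any check is dropped there and the firewall only needs to permit the listener, not the trading partners, to reach the internal application servers.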

