I am working with a software vendor to implement EDI for our ERP system. They installed the EDI software on a production server in the internal network (trusted zone). Two connections were configured in the EDI application:
1. Remote Host - connect to a 3-party location (EDI provider) to push files.
2. Local Host - listen on port XXXXX to receive files from the remote host above.
In order for the remote host (EDI provider) to push files to us, we were asked to open port XXXXX on our firewall and forward to the production server. Although we can set up the firewall to allow only the IP of the EDI provider to access this port, I am still skeptical if this is secure enough.
The software vendor claimed that they have been doing the exact same things for their other customers and there is a security certificate installed on each side for authentication and encryption. I wonder if this is a common practice in the industry.
Should the EDI software be running In a DMZ? Can someone shed some lights on this please?