Open a Port on Firewall for EDI on Production Server in Trusted Zone
I am working with a software vendor to implement EDI for our ERP system. They installed the EDI software on a production server in the internal network (trusted zone). Two connections were configured in the EDI application:
1. Remote Host - connect to a 3-party location (EDI provider) to push files.
2. Local Host - listen on port XXXXX to receive files from the remote host above.
In order for the remote host (EDI provider) to push files to us, we were asked to open port XXXXX on our firewall and forward to the production server. Although we can set up the firewall to allow only the IP of the EDI provider to access this port, I am still skeptical if this is secure enough.
The software vendor claimed that they have been doing the exact same things for their other customers and there is a security certificate installed on each side for authentication and encryption. I wonder if this is a common practice in the industry.
Should the EDI software be running In a DMZ? Can someone shed some lights on this please?
Re: Open a Port on Firewall for EDI on Production Server in Trusted Zone
Although it is common practice in SMB networks to forward internet traffic into the internal network, it's not a best practice. If the system get's compromised, the internal network is also easy compromised.
Systems like these should be placed in a DMZ. And given that building a DMZ is not a rocket-science and every firewall nowadays is capable of doing that, you should not accept this suggestion.
Hi All, A customer wants to authenticate Anyconnect VPN users from an ASA using the client installed certificate and then with AD. i.e. Is this a corporate device?Would we recommend authenticating the cert on the ASA then passing the AD check to ISE ...
Hello Team, we are getting alert in FMC stating policy deployment failed, we are running on 6.2.0 version and not sure which version is stable version to re mediate this issue, in one event i have seen restart will resolve this issue but is it perman...
Threat Hunting 101
In the latest Cisco Cybersecurity report, we explore all there is to know about threat hunting and provide a how-to guide for creating a threat hunting team.
Here are some of th...
What Is Cisco Identity Services Engine?
Cisco Identity Services Engine (ISE) is an all-in-one enterprise policy control product that enables comprehensive secure wired, wireless, and Virtual Private Networking (VPN) access.
Cisco ISE offers...
To participate in this event, please use the button to ask your questions
(This event was formerly know as Ask the Expert event)
This topic is a chance to discuss more about the best configuration and troubleshooting pr...