cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1479
Views
0
Helpful
1
Replies

Open a Port on Firewall for EDI on Production Server in Trusted Zone

JKwan
Level 1
Level 1

I am working with a software vendor to implement EDI for our ERP system. They installed the EDI software on a production server in the internal network (trusted zone). Two connections were configured in the EDI application:

 

1. Remote Host - connect to a 3-party location (EDI provider) to push files.

2. Local Host - listen on port XXXXX to receive files from the remote host above.

 

In order for the remote host (EDI provider) to push files to us, we were asked to open port XXXXX on our firewall and forward to the production server. Although we can set up the firewall to allow only the IP of the EDI provider to access this port, I am still skeptical if this is secure enough.

 

The software vendor claimed that they have been doing the exact same things for their other customers and there is a security certificate installed on each side for authentication and encryption.  I wonder if this is a common practice in the industry.

 

Should the EDI software be running In a DMZ?  Can someone shed some lights on this please?

1 Reply 1

Although it is common practice in SMB networks to forward internet traffic into the internal network, it's not a best practice. If the system get's compromised, the internal network is also easy compromised.

Systems like these should be placed in a DMZ. And given that building a DMZ is not a rocket-science and every firewall nowadays is capable of doing that, you should not accept this suggestion.

Just my two five cents ...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: