Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2193
Views
10
Helpful
6
Replies

SX20 defaulting to Behind Firewall In TMS

caryrocker
Level 1
Level 1

‎09-19-2012 06:00 AM - edited ‎03-17-2019 11:49 PM

Our TMS is defaulting SX20 behind the firewall eventhough it is on the same LAN.

Has anyone ran into this before or have any pointers ?

Any help will be great !!!!

Regards

Labels:
0 Helpful
6 Replies 6

Justin Ferello
Level 5
Level 5

‎09-19-2012 06:02 AM

Rizwiz,

Just putting it out there, I too have a customer with this same problem.  We do not have a solution yet, but we are working on it.  I have several SX20s on my network and have no problems with TMS.  What version of TMS are you running?

Thanks,

Justin

Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ
0 Helpful

Magnus Ohm
Cisco Employee
Cisco Employee
In response to Justin Ferello

‎09-19-2012 06:57 AM

So Justin

As we discussed, the IP address that the TMS is communicating with is different than the one contained in the system identification. TMS is designed to do this as described in my previous post (snippet from the documentation). I don't know if there is a way to bypass this as according to what you told me the system is indeed behind a firewall from a technical perspective but you have a LAN Tunnel up. The ip that the TMS communicates with is however still different. Maybe someone else here knowns if there is a way to bypass this.

And since you have not filled out the "Behind Firewall" address the system will get to No HTTP status after a while since the system does not know how to reach the TMS with the address the TMS feeds it (blank).

Hope this helps you a little bit at least!

/Magnus

Justin Ferello
Level 5
Level 5
In response to Magnus Ohm

‎09-25-2012 11:19 AM

Magnus,

You were correct.  The dealer did not have anything in the 'Behind a Firewall' address in TMS, so we put in the proper IP.  However even after doing this we still had the same problem.  With the help of Magnus we were able to determine that the IP that the SX20 was reporting to TMS was different from the IP in the packet header.

We discussed this discrepancy with their network guy and he determined the IP in the packet header was from their 'Threatwall' appliance.  He then added the SX20 IP to the whitelist on the 'Threatwall'.  As soon as he did this we were able to add the SX20 without any problems and it stayed as 'Reachable on the LAN'.

Magnus, thanks again for help!

Justin

Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ

Magnus Ohm
Cisco Employee
Cisco Employee

‎09-19-2012 06:11 AM

Behind firewall

Setting Behind firewall as System Connectivity will make Cisco TMS communicate with the endpoint in much the same way as Reachable on Public Internet, except Cisco TMS  will not be able to tell the endpoint to dial and must therefore set up  a route where for example an MPS is calling to the endpoint. All  communication between the system and Cisco TMS will be HTTP over port 80 or HTTPS over port 443.

Cisco TMS  will automatically detect that a system is a SOHO system when the IP  address the endpoint reports in status.xml is different from the IP  address the HTTP packets are coming from, and the HTTP (port 80) and  HTTPS (port 443) ports are closed. Cisco TMS will then set System Connectivity to Behind Firewall.

What does a wireshark trace on TMS and the codec show you in regards to the content of the status.xml or where the packets are coming to/from?

/Magnus

0 Helpful

gubadman
Level 3
Level 3
In response to Magnus Ohm

‎09-19-2012 06:16 AM

I've seen this on dual stacked networks. i.e. packets coming from IPv4 address and IPv6 address reported in status.xml

0 Helpful

Magnus Ohm
Cisco Employee
Cisco Employee

‎09-25-2012 01:36 PM

Thanks for sharing justin

Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents