SX20 defaulting to Behind Firewall In TMS

caryrocker
Beginner

Our TMS is defaulting SX20 behind the firewall even though it is on the same LAN.

Has anyone run into this before or have any pointers?

Any help will be great!

Regards

6 Replies

Justin Ferello
Contributor

Rizwiz,

Just putting it out there, I too have a customer with this same problem.  We do not have a solution yet, but we are working on it.  I have several SX20s on my network and have no problems with TMS.  What version of TMS are you running?

Thanks,

Justin

Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ

So Justin

As we discussed, the IP address that the TMS is communicating with is different than the one contained in the system identification. TMS is designed to do this as described in my previous post (snippet from the documentation). I don't know if there is a way to bypass this, as according to what you told me the system is indeed behind a firewall from a technical perspective but you have a LAN Tunnel up. The IP that the TMS communicates with is however still different. Maybe someone else here knows if there is a way to bypass this.

And since you have not filled out the "Behind Firewall" address the system will get to No HTTP status after a while since the system does not know how to reach the TMS with the address the TMS feeds it (blank).

Hope this helps you a little bit at least!

/Magnus

Magnus,

You were correct.  The dealer did not have anything in the 'Behind a Firewall' address in TMS, so we put in the proper IP.  However even after doing this we still had the same problem.  With the help of Magnus we were able to determine that the IP that the SX20 was reporting to TMS was different from the IP in the packet header.

We discussed this discrepancy with their network guy and he determined the IP in the packet header was from their 'Threatwall' appliance.  He then added the SX20 IP to the whitelist on the 'Threatwall'.  As soon as he did this we were able to add the SX20 without any problems and it stayed as 'Reachable on the LAN'.

Magnus, thanks again for help!

Justin

Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ

Magnus Ohm
Cisco Employee

Behind firewall

Setting Behind firewall as System Connectivity will make Cisco TMS communicate with the endpoint in much the same way as Reachable on Public Internet, except Cisco TMS will not be able to tell the endpoint to dial and must therefore set up a route where for example an MPS is calling to the endpoint. All communication between the system and Cisco TMS will be HTTP over port 80 or HTTPS over port 443.

Cisco TMS will automatically detect that a system is a SOHO system when the IP address the endpoint reports in status.xml is different from the IP address the HTTP packets are coming from, and the HTTP (port 80) and HTTPS (port 443) ports are closed. Cisco TMS will then set System Connectivity to Behind Firewall.

What does a Wireshark trace on TMS and the codec show you in regards to the content of the status.xml or where the packets are coming to/from?

/Magnus

I've seen this on dual stacked networks. i.e. packets coming from IPv4 address and IPv6 address reported in status.xml
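
Added example, not part of the thread and not Cisco TMS code: a Python model of the rule quoted from the documentation above (reported address differs from the packet source address, and ports 80/443 are closed), which also labels the dual-stack case mentioned in the last reply. The function names, the choice to probe the source address, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def diagnose(reported, source, probe=tcp_open):
    """Model of the quoted rule: address mismatch AND ports 80/443 closed.

    reported: address the endpoint reports in status.xml
    source:   address the HTTP packets come from (packet header)
    probe:    callable(host, port) -> bool; probing the source address is
              an assumption, the quoted text does not say which is probed
    Returns (behind_firewall, reason).
    """
    rep, src = normalize(reported), normalize(source)
    if rep == src:
        return False, "reported and source address match"
    if rep.version != src.version:
        why = f"dual stack: IPv{rep.version} reported, IPv{src.version} source"
    else:
        why = f"source {src} differs from reported {rep} (NAT or inline appliance)"
    open_ports = [p for p in (80, 443) if probe(str(src), p)]
    if open_ports:
        return False, f"{why}; ports open: {open_ports}"
    return True, f"{why}; ports 80 and 443 closed"


if __name__ == "__main__":
    closed = lambda host, port: False  # stub probe so the demo runs offline
    # Constructed sample addresses (RFC 1918 and documentation ranges).
    for rep, src in [("10.0.0.5", "10.0.0.5"), ("10.0.0.5", "10.0.0.1"),
                     ("2001:db8::5", "10.0.0.5"), ("10.0.0.5", "::ffff:10.0.0.5")]:
        print(rep, src, diagnose(rep, src, probe=closed))
```

Feed it the address from the endpoint's status.xml and the source address seen in a packet capture on the TMS server; the reason string tells you whether to look for an inline appliance or an address-family mismatch.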

Magnus Ohm
Cisco Employee

Thanks for sharing, Justin

Sent from Cisco Technical Support iPhone App
