Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
505
Views
5
Helpful
1
Replies

Expressway Edge Traversal zone to "TLS verify" causes FW drops

gfolens
Level 4
Level 4

‎05-31-2021 02:39 AM - edited ‎05-31-2021 02:40 AM

I noticed when enabling on the Expressway-Edge side TLS verify on the Traversal server link the FW between Edge and Core starts to drop packets coming from the Edge side.

Is this normal behaviour? Normally the FW ports should only be opened from Core to Edge. No ports to be opened in the reverse way. Correct?

Labels:
0 Helpful
1 Reply 1

Nithin Eluvathingal
VIP
VIP

‎05-31-2021 09:36 AM - edited ‎05-31-2021 05:27 PM

Yes, you need to open the ports from C to E and not the reverse thats how the traversal zones works. I Never come across such a deployment where there is a firewall in between C and E so I never tested this in real. 

 

I always refer the MRA port usage guide, it has all   ports and its directions  mentioned in details. The below link is for version 12.5.

 

Can I know what packets are getting dropped through the firewall ?

 

Cisco Expressway IP Port Usage Configuration Guide (X12.5)https://www.cisco.com › expressway › config_guide

 

 



Response Signature


Customers Also Viewed These Support Documents