Firewall Wizards mailing list archives
EDI (AS2) Configuration
From: WarrenPaul () russellcorp com
Date: Wed, 26 Oct 2005 15:44:24 -0500
We're researching several different EDI systems and are currently gathering infrastructure information from the vendors. One area of concern that has come up is the component placement within the various firewall security zones (Internal/External/DMZ).

Some vendors have an AS2 "listener" within the DMZ that receives AS2 communications from the trading partners, validates the data, and forwards it on to the application servers within the internal network. Other vendors recommend allowing the trading partners to communicate directly with the application servers on the internal network. They claim that there is enough security in the application to prevent abuse of the server/network.

I see three possible configurations:

1) Systems with AS2 communications via a "listener" in the DMZ
2) Systems with AS2 communications via a reverse HTTP proxy in the DMZ
3) Systems with AS2 communications directly to internal servers

I suppose I prefer them in the above order. Several vendors are pretty insistent that #3 is "good enough" because of their "excellent software" - I'm inclined to compromise with #2 instead.

I'd appreciate any info anyone can offer on implementing this type of app (AS2-based EDI). Do I have these configurations ranked appropriately (from a network security perspective)? Are there configurations I'm not considering? Is it fair to say that configuration #3 is a "worst-case" scenario (from a network security perspective)?

Any constructive comments are welcomed and appreciated!

- Paul