Issue with Firewall Protocols

amadonna · Post by **amadonna** » Thu Nov 23, 2006 10:33 am

At present we are facing issue in using SOS either from inside or from outside the company.
The issue can be described in this way...it is not possible to download the whole list of projects in a single shot, and we are forcing to go project by project, of course this requires a lot of time and it is bothering people very much.
The SOS server is placed in a DMZ network so both from inside and outside we access it through our firewall (symantech). The firewall handles rules to access the SOS server, today I have discovered that if we remove the rules that handle the client connection with the server it is possible to download in a single shot the whole tree of projects.

Our network manager will not accept to work without rules and he would like to know in detail which are the protocol involved (at the moment port 80,8080,8081 are allowed toghether with specific protocol) ? Is there any involvement of FTP protocol ?

Thanks

lbauer · Post by **lbauer** » Thu Nov 23, 2006 7:49 pm

The SOS Client communicates with the SOS Server using a custom TCP/IP protocol.

Here's an example of how to set up SOS with an ISA firewall. maybe you'll get some ideas from it:

http://support.sourcegear.com/viewtopic.php?t=1675

amadonna · Post by **amadonna** » Mon Nov 27, 2006 7:14 am

Could we receive the list of protocols from/to the server required to properly use SOS ? The previous answer doesn't solve our issue.

Post by **jclausius** » Mon Nov 27, 2006 9:39 am

SourceOffSite communicates through its own proprietary protocol. Any firewall rules should allow the SOS protocol to flow through untouched, as any interference of the network protocol will cause problems on the client.

The ports you'll need to open for network communications can be controlled through the SourceOffSite Server Manager.

amadonna · Post by **amadonna** » Tue Nov 28, 2006 3:17 am

We must pass through our firewall. We are not allowed to bypass it. We have configured port 8081 and 8080 but we get the error SERVER CLOSED CONNECTION, is there any other parameter to consider or any other port required ? The behaviour is the following if we '' Get Last Version..'' on a small project we obtain the files if we do it on a bigger project we get the SEREVER CLOSED error

lbauer · Post by **lbauer** » Tue Nov 28, 2006 11:29 am

The behaviour is the following if we '' Get Last Version..'' on a small project we obtain the files if we do it on a bigger project we get the SEREVER CLOSED error

This would indicate that something is closing the connection after a certain period of time or after a certain amount of data has passed through the firewall. See if there's any configuration limiting the time period or amount a data per session.

Post by **jclausius** » Tue Nov 28, 2006 11:30 am

amadonna wrote:We must pass through our firewall. We are not allowed to bypass it.

I think you may have incorrectly interpreted my post. The SOS traffic will go through the firewall, but the firewall should not do any type of inspection in which it removes data from the network stream. It is important the network stream pass through firewall without changing any of the data in the packet's payload.

amadonna wrote:We have configured port 8081 and 8080 but we get the error SERVER CLOSED CONNECTION, is there any other parameter to consider or any other port required ? The behaviour is the following if we ''Get Last Version..'' on a small project we obtain the files if we do it on a bigger project we get the SEREVER CLOSED error

What is the configuration of secure vs. non-secure SOS ports? You will only use one or the other during the client connection. When you try to log in with a large tree, are you using the non-secure port? Is it possible there is some configuration on your firewall in regards to a size restriction?

Remember, when the client first connects to the SOS server, it is going to request the entire folder structure. This will be a large data transfer from server to client, so if something is configured to close a connection based on data transfer, that might explain the error.

lbauer · Post by **lbauer** » Tue Nov 28, 2006 11:50 am

Another possibility is that the firewall is configured to close the connection if NO data has passed for a period of time. The SOS Server only communicates with the SOS Client when it needs to, so there may be periods of latency. In a big get, the SOS Server may be doing a processing on the LAN, with no data sent to the client for a time.