RE: Millennium standards compliance and firewalls

Home  Mailing list  Meetings  Regional/Special  About IUG  Contact Us Help
 

 

[ List Archives Home ] [ Thread index for 2008 ] [ Date index for 2008 ] [ Author index for 2008 ]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Here at OHIONET, we manage the Innovative system for a consortium of 21
academic libraries. Our network uses a Sonicwall and we do not have
this problem on our end (when we connect to the III server through our
firewall).

However, one of our member libraries' institutions just implemented a
Sonicwall which is managed by a third party (or fourth, depending on how
you count). This library IS experiencing a related problem on their end
of the connection to the server.

Our understanding of the problem is that one of the Sonicwall's Security
Services (IIUC, the intrusion prevention functionality) is the culprit
(we do NOT use that feature of the Sonicwall).

Despite Sonicwall's response, I'm pretty sure you can override most of
the Security Services by either:

1. overriding the various policies OR
2. configuring an exclusion list in the global settings

... and how you do that depends on whether you're running the standard
or enhanced OS.

Perhaps someone a little more familiar with those specific services on
the Sonicwall can offer some insight?

Best,

Matt

-----Original Message-----
From: innopac-bounces at innopacusers dot org
[mailto:innopac-bounces at innopacusers dot org] On Behalf Of Byron C. Mayes
Sent: Tuesday, July 12, 2005 10:26 AM
To: waage at macalester dot edu; 'IUG INNOPAC List'
Subject: RE: Millennium standards compliance and firewalls


Way back on Tuesday, May 24, 2005 11:18 AM Steve Waage wrote:

|IUGs,
|We are having problems with Millennium client connections that have to
run
|through firewalls upgraded to the latest software/firmware available.
|The following is an example of an exchange I recently had with an IT
director
|after he and his firewall vendor did some packet dumping on Millennium
traffic.
...
|the initial exchange. We submitted all of this to [FIREWALL
|VENDOR] over a period of time and Here is the response from
|the engineering department:
|
|Returned call to customer asked him to call me. I briefly
|explained the reason for us dropping packets. Packet traces
|show that the application is not rfc1945 and rfc2616
|compliant. According to the RFCs HTTP client should send
|packet where GET line ends with 0D 0A (CRLF): 47 45 54 20 2F
|49 4E 49 54 41 50 50 GET /INITAPP 20 48 54 54 50 2F 31 2E 30
|0D 0A HTTP/1.0... But this client sends packet where GET line
|ends with 0A 0A 0A (CRCRCR) instead of 0D 0A (CRLF): 47 45 54
|20 2F 49 4E 49 54 41 50 50 GET /INITAPP 20 48 54 54 50 2F 31
|2E 30 0A 0A 0A HTTP/1.0...

Beginning at the word, "Packet," this is word for word and CHARACTER FOR
CHARACTER the response our user in Italy got from the folks at
sonicwall,
their firewall vendor. Even the ellipses are there.

This brings two questions to mind:

1) Is anyone having any sort of problem with Millennium clients running
through firewalls from any vendor?

2) Is anyone running Millennium clients from behind sonicwall firewalls
NOT
experiencing problems?

Private answers are fine if you've got them.

Thanks,
Byron

--
Byron C. Mayes, MLS
Head, Library Systems & Technology
Temple University * Philadelphia, PA
ByronC dot Mayes at temple dot edu
Listowner, BLACK-IP: The Black Information Professionals' Network
Join at <http://listserv.temple.edu/archives/black-ip.html>

--
This message was distributed through the Innovative Users Group INNOPAC
list
Public replies: INNOPAC at innopacusers dot org
Update your subscription options:
http://innopacusers.org/mailman/listinfo/innopac