CMS Aspect eWFM firewall ports

[AuraPS]

All,

I have a customer trying to implement the following:

CMS R13 / Aspect eWFM R7.4

They already have in place a connection to an older eWFM server (7.2)
with 2 ACD sessions and these works fine. I am trying to point the CMS to the new server. I've done the following:

1. changed the /etc/hosts file to point the ewfmrta entry to the new IP address

2. checked the /export/home/pserv/rta_tcs ....'startrta' file has the host name and port number 6996
1) $home/rta_${pkg}1 -w$wtmout ewfmrta 6996 acd1 ;;
2) $home/rta_${pkg}2 -w$wtmout ewfmrta 6997 acd2 ;;

3. stopped and started the RTA feed ...succesful

4. when I do a netstat the host entry 'ewfmrta' connection is missing although when it is points to the old ewfm server the 'ewfmrta' has CONNECTION ESTABLISHED for both sessions

I was advised that the CMS did not need a reboot (only the CMS IP address change in the hosts file rewuires a reboot) but we rebooted anyway, still did not work
The routing to the new server is in place and we can ftp the reports from the TCS menu ok, we just cant get an RTA connection.

The customer has a very strict firewall policy and the new server is in a new location with ports 6996 and 6997 open in only one direction (towards the eWFM listener).

My question is, does anyone know if these ports should be open in both diretions or if there are any other ports that need opening

Many thanks

 

[europe]

Both ways so the wfm can signal it accepts the connection


Please let me know if the information that was provided is helpfull.
Edwin Plat
A.K.A. Europe

 

[4merAvaya]

Depending on your hardware platform you may have multiple NICs. WFM will typically only accept data from a specific IP address. If your server has more than 1 NIC, go to the /etc/rc2.d directory and look for a file S99route. Within that file you specify which NIC to use for which application. In our shop we use the 2nd NIC for the PBX links and the IEX feeds.

Kevin

 

[AuraPS]

thanks europe thats what i thought

4meravaya - its all coming down one pipe


the new server is in a different location with a different firewall policy

This is the output data from the ce0 ethernet interface snoop trace on the CMS - currently working connection (production UK) on port 6996

a0631an1139# snoop -d ce0 port 6996
Using device /dev/ce (promiscuous mode)
a0631an1139 -> ewfmrta TCP D=6996 S=33362 Push Ack=2348012912 Seq=575166172 Len=1343 Win=49640
ewfmrta -> a0631an1139 TCP D=33362 S=6996 Ack=575167515 Seq=2348012912 Len=0 Win=65535
a0631an1139 -> ewfmrta TCP D=6996 S=33362 Ack=2348012912 Seq=575167515 Len=1460 Win=49640
a0631an1139 -> ewfmrta TCP D=6996 S=33362 Push Ack=2348012912 Seq=575168975 Len=323 Win=49640


This is the output data from the ce0 ethernet interface on the CMS - not working to new eFWM server (Germany) on port 6997

a0631an1139# snoop -d ce0 port 6997
Using device /dev/ce (promiscuous mode)
a0631an1139 -> ewfmnew TCP D=6997 S=53882 Syn Seq=4243402450 Len=0 Win=49640 Options=<mss 1460,nop,nop,sackOK>
ewfmnew -> a0631an1139 TCP D=53882 S=6997 Rst Ack=4243402451 Win=0
a0631an1139 -> ewfmnew TCP D=6997 S=53883 Syn Seq=1965956060 Len=0 Win=49640 Options=<mss 1460,nop,nop,sackOK>
ewfmnew -> a0631an1139 TCP D=53883 S=6997 Rst Ack=1965956061 Win=0
a0631an1139 -> ewfmnew TCP D=6997 S=53884 Syn Seq=1236015171 Len=0 Win=49640 Options=<mss 1460,nop,nop,sackOK>


I'm thinking its their firewall policy

 

[phoneguy55]

Why not just allow any port both ways to prove your point. A quick firewall change, then a test will prove if it's the firewall or not.

 

[AuraPS]

got it sorted .... it was as i thought
the customers firewall rules


thanks all for your input