EDI via FTP on an AS400 setup questions

[vintagecar]

Here's the low down...We are currently FTPing 214 and 210's as a flat file to our VAN, 204's and 990's are being translated in Harbinger. I've been asked to see if we can circumvent the VAN and go direct to the customer to cut costs. What all do I need on our AS400 to get this done. The customer wants me to send them the data in an EDI format not flat file format, so I'm going to have to do some sort of translation on my end. I'm not to impressed with Harbinger, and we have already moved the 214 and 210's from that software. So If I can move the 204's and responses off as well, that would be great. I've heard about Trailblazer some, and have requested a demo CD, will there be anything else that I will need to successfully transmit EDI via FTP through our AS400 directly to a customer?

 

[tdacquisto]

TLE can be set up to do this quite easily.

set up the trading partner to a pseudo network so documents for this trading partner will just sit in the mailbox.

then use the TLE API to transfer data in and out of the mailbox to native AS400 files. At that point, you can us the FTP functions on the AS400 to connect to your trading partner's computer and send and receive the documents.

I do this with one of our trading partners and it works very nicely.

I am also setting up Walmart AS2 and will be doing it this way also, except instead of remotely connecting to the trading partner's computer, I'm connecting to our AS2 software, which will then send and receive data to and from Walmart.

Shoot me an email and I can give you more specifics if you like.

Tom

 

[rpgguruhere]

Tom, question for you.
Where the AS2 software is installed, outside or inside your company firewall?
Does your AS2 box always initiating the connection?

 

[tdacquisto]

We have the iSoft software set up behind the firewall.

I have since read some comments about people having difficulty with firewalls and the iSoft stuff.

I will find out more next week when our testing begins.

I'm not sure what you mean when you ask if our AS2 box is initiating the connection. As I understand it, the iSoft peer to peer agent runs on the system 24/7. Whenever Wal-Mart sends us stuff, it will be received by the system and stay in the inbox until our EDI job on the 400 runs and then the pgms I wrote will pick up the data from the server and load it into TLE. Is this not correct?

Tom.

 

[rpgguruhere]

Tom,
since the iSoft software is located behind the firewall, how did you configure the firewall to allow access from outside to the iSoft box? by ip? protocol? port? Do you use internet or some sort of secure connection like leased line, vpn....

 

[tdacquisto]

I believe it was set up by IP address, but I'll have to double check with my network admin.

 

[rpgguruhere]

I am far from being a security expert but I heard that security engineers from different companies confirm that opening up firewall for any connection IN is just asking for trouble. Since there are many ways how the inside connection can be exploited by the malicious user.
The way I’ve seen AS2 and other secure connections implemented is allow the box from the inside the firewall to perform PUSH-PULL to the remote host and not allow any connections established from outside. Or have two firewalls: one is extranet and on is Internet. The AS2 box is sitting behind the internet firewall allowing for in and out connections for certain IP,ports e.t.c It still allows outside user to hack it but that box only and not the whole company's network. Also there is a peace of software(hardware) behind extranet firewall does PUSH-PULL of data from the AS2. Basically AS2 box is in DMZ area.
So the only secure way to configure the firewall will be to allow outbound requests and NO inbounds.
Just for information.