charliehtektips
Programmer
I have Tomcat running a web app on port 80. I manufacture some devices which connect to that web app over the Internet in order to exchange data.
The remote devices work fine everywhere in the world, but when I take a device into a corporate environment, weird things happen.
These sites permit web browsing from inside. That is, I can plug in a laptop and browse the web no problem.
But when I plug one of my devices in, at one site, everything proceeds fine: SYN, SYN/ACK, ACK, the box sends an HTTP POST to the server containing the SOAP request, the server ACKs and returns a response packet. But the response packet is dropped by the corporate firewall. No log, no explanation.
Nobody in IT at the corporation, and nobody at Cisco knows why this is happening.
At another site, the entire TCP conversation proceeds until the server is all done and sends a FIN packet. The corporate firewall drops the FIN packet. Nothing else gets dropped in the whole conversation, just the FIN packet. Yet when you browse the web from that same point inside the facility, FIN packets are passed.
I'm completely defeated. Why would a firewall which permits web browsing not permit my web app over HTTP (it's even on port 80), in a manner such that nobody knows, not even the firewall manufacturer, why it is doing it?