Sybase NNTP forums - End Of Life (EOL)

The NNTP forums from Sybase - forums.sybase.com - are now closed.

All new questions should be directed to the appropriate forum at the SAP Community Network (SCN).

Individual products have links to the respective forums on SCN, or you can go to SCN and search for your product in the search box (upper right corner) to find your specific developer center.

Device Proxy and HTTPS

5 posts in Trial Discussion Last posting was on 2007-03-08 17:55:51.0Z
"Razan" <mrazan_nospam Posted on 2007-02-26 15:59:37.0Z
From: "Razan" <mrazan_nospam@sybase_nospam.com>
Newsgroups: ianywhere.public.secureemail.trial
Subject: Device Proxy and HTTPS
Lines: 11
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-RFC2646: Format=Flowed; Original
NNTP-Posting-Host: adsl-74-103-192-81.adsl2.iam.net.ma
X-Original-NNTP-Posting-Host: adsl-74-103-192-81.adsl2.iam.net.ma
Message-ID: <45e303e9$1@forums-1-dub>
Date: 26 Feb 2007 07:59:37 -0800
X-Trace: forums-1-dub 1172505577 81.192.103.74 (26 Feb 2007 07:59:37 -0800)
X-Original-Trace: 26 Feb 2007 07:59:37 -0800, adsl-74-103-192-81.adsl2.iam.net.ma
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.secureemail.trial:55
Article PK: 10939

Hi,
I am trying to connect a mobile device through a DMZ Proxy using HTTPS with
OneBridge 5.5
Is it possible ?
When I checked the "HTTPS support" on the OneBridge Service wizard, I get
"Server Connection Lost" message on the device using the specified port.
Have I missed something ?

Razan


Mark Wright Posted on 2007-02-27 16:33:14.0Z
From: Mark Wright <mark.wright@ianywhere.com>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
Newsgroups: ianywhere.public.secureemail.trial
Subject: Re: Device Proxy and HTTPS
References: <45e303e9$1@forums-1-dub>
In-Reply-To: <45e303e9$1@forums-1-dub>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: surfwc054.sybase.com
X-Original-NNTP-Posting-Host: surfwc054.sybase.com
Message-ID: <45e45d4a$1@forums-1-dub>
Date: 27 Feb 2007 08:33:14 -0800
X-Trace: forums-1-dub 1172593994 192.138.150.54 (27 Feb 2007 08:33:14 -0800)
X-Original-Trace: 27 Feb 2007 08:33:14 -0800, surfwc054.sybase.com
Lines: 32
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.secureemail.trial:56
Article PK: 10942


Razan wrote:
> Hi,
> I am trying to connect a mobile device through a DMZ Proxy using HTTPS with
> OneBridge 5.5
> Is it possible ?
> When I checked the "HTTPS support" on the OneBridge Service wizard, I get
> "Server Connection Lost" message on the device using the specified port.
> Have I missed something ?
>
> Razan
>
>

Razan,

The devices themselves need to connect to the DMZ Proxy over an HTTP
port such as port 80. From the handheld to the proxy we do not support
HTTPS, however our data is fully encrypted from end-to-end using AES 128
bit encryption.

When you select HTTPS support in the service wizard this is making it so
that OneBridge internal server is connecting to DMZ Proxy over an
outbound connection to the DMZ Proxy using HTTPS (typically using port
443). If this port is not configured to be outbound to the DMZ Proxy
machine then the communication will fail.

You also need to make sure that your DMZ Proxy is aware of the internal
server connecting to it. It sounds like you have this configured
correctly though when not using HTTPS.

Thanks

Mark


"Razan" <mrazan_nospam Posted on 2007-02-27 17:52:17.0Z
From: "Razan" <mrazan_nospam@sybase_nospam.com>
Newsgroups: ianywhere.public.secureemail.trial
References: <45e303e9$1@forums-1-dub> <45e45d4a$1@forums-1-dub>
Subject: Re: Device Proxy and HTTPS
Lines: 42
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
X-RFC2646: Format=Flowed; Response
NNTP-Posting-Host: adll-154-242-206-196.marocconnect.net.ma
X-Original-NNTP-Posting-Host: adll-154-242-206-196.marocconnect.net.ma
Message-ID: <45e46fd1@forums-1-dub>
Date: 27 Feb 2007 09:52:17 -0800
X-Trace: forums-1-dub 1172598737 196.206.242.154 (27 Feb 2007 09:52:17 -0800)
X-Original-Trace: 27 Feb 2007 09:52:17 -0800, adll-154-242-206-196.marocconnect.net.ma
X-Authenticated-User: techsupp
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.secureemail.trial:57
Article PK: 10941

Ok, thanks for the reply, Mark.
My problem is that the customer wants to close all ports (for security
purpose), except the 443 for ssl connection.

Regards,

Razan

"Mark Wright" <mark.wright@ianywhere.com> a écrit dans le message de news:
45e45d4a$1@forums-1-dub...

> Razan wrote:
>> Hi,
>> I am trying to connect a mobile device through a DMZ Proxy using HTTPS
>> with OneBridge 5.5
>> Is it possible ?
>> When I checked the "HTTPS support" on the OneBridge Service wizard, I get
>> "Server Connection Lost" message on the device using the specified port.
>> Have I missed something ?
>>
>> Razan
> Razan,
>
> The devices themselves need to connect to the DMZ Proxy over an HTTP port
> such as port 80. From the handheld to the proxy we do not support HTTPS,
> however our data is fully encrypted from end-to-end using AES 128 bit
> encryption.
>
> When you select HTTPS support in the service wizard this is making it so
> that OneBridge internal server is connecting to DMZ Proxy over an outbound
> connection to the DMZ Proxy using HTTPS (typically using port 443). If
> this port is not configured to be outbound to the DMZ Proxy machine then
> the communication will fail.
>
> You also need to make sure that your DMZ Proxy is aware of the internal
> server connecting to it. It sounds like you have this configured
> correctly though when not using HTTPS.
>
> Thanks
>
> Mark


Mark Wright Posted on 2007-03-01 17:48:01.0Z
From: Mark Wright <mark.wright@ianywhere.com>
User-Agent: Thunderbird 1.5.0.9 (Windows/20061207)
MIME-Version: 1.0
Newsgroups: ianywhere.public.secureemail.trial
Subject: Re: Device Proxy and HTTPS
References: <45e303e9$1@forums-1-dub> <45e45d4a$1@forums-1-dub> <45e46fd1@forums-1-dub>
In-Reply-To: <45e46fd1@forums-1-dub>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
NNTP-Posting-Host: surfwc054.sybase.com
X-Original-NNTP-Posting-Host: surfwc054.sybase.com
Message-ID: <45e711d1$1@forums-1-dub>
Date: 1 Mar 2007 09:48:01 -0800
X-Trace: forums-1-dub 1172771281 192.138.150.54 (1 Mar 2007 09:48:01 -0800)
X-Original-Trace: 1 Mar 2007 09:48:01 -0800, surfwc054.sybase.com
Lines: 58
X-Authenticated-User: amdin
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.secureemail.trial:58
Article PK: 10940


Razan wrote:
> Ok, thanks for the reply, Mark.
> My problem is that the customer wants to close all ports (for security
> purpose), except the 443 for ssl connection.
>
> Regards,
>
> Razan
>
> "Mark Wright" <mark.wright@ianywhere.com> a écrit dans le message de news:
> 45e45d4a$1@forums-1-dub...
>> Razan wrote:
>>> Hi,
>>> I am trying to connect a mobile device through a DMZ Proxy using HTTPS
>>> with OneBridge 5.5
>>> Is it possible ?
>>> When I checked the "HTTPS support" on the OneBridge Service wizard, I get
>>> "Server Connection Lost" message on the device using the specified port.
>>> Have I missed something ?
>>>
>>> Razan
>> Razan,
>>
>> The devices themselves need to connect to the DMZ Proxy over an HTTP port
>> such as port 80. From the handheld to the proxy we do not support HTTPS,
>> however our data is fully encrypted from end-to-end using AES 128 bit
>> encryption.
>>
>> When you select HTTPS support in the service wizard this is making it so
>> that OneBridge internal server is connecting to DMZ Proxy over an outbound
>> connection to the DMZ Proxy using HTTPS (typically using port 443). If
>> this port is not configured to be outbound to the DMZ Proxy machine then
>> the communication will fail.
>>
>> You also need to make sure that your DMZ Proxy is aware of the internal
>> server connecting to it. It sounds like you have this configured
>> correctly though when not using HTTPS.
>>
>> Thanks
>>
>> Mark
>
>

Because our information is already encrypted and we do not support SSL
certificates on the device we cannot support HTTPS traffic to DMZ Proxy.
We do support HTTP traffic to the DMZ, which typically will have at
least port 80 open to the DMZ.

To be clear; from the internal network, where the OneBridge server is
installed, we support HTTPS over port 443 outbound only to the DMZ
Proxy, no other ports need to be opened inbound or outbound from the
internal network to the DMZ.

We feel that this is a very secure solution.

Thanks

Mark


Razan Posted on 2007-03-08 17:55:51.0Z
Sender: 206c.45f04d72.1804289383@sybase.com
From: Razan
Newsgroups: ianywhere.public.secureemail.trial
Subject: Re: Device Proxy and HTTPS
X-Mailer: WebNews to Mail Gateway v1.1t
Message-ID: <45f04e27.2081.1681692777@sybase.com>
References: <45e711d1$1@forums-1-dub>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
NNTP-Posting-Host: 10.22.241.41
X-Original-NNTP-Posting-Host: 10.22.241.41
Date: 8 Mar 2007 09:55:51 -0800
X-Trace: forums-1-dub 1173376551 10.22.241.41 (8 Mar 2007 09:55:51 -0800)
X-Original-Trace: 8 Mar 2007 09:55:51 -0800, 10.22.241.41
Lines: 70
Path: forums-1-dub!not-for-mail
Xref: forums-1-dub ianywhere.public.secureemail.trial:59
Article PK: 19067


> Razan wrote:
> > Ok, thanks for the reply, Mark.
> > My problem is that the customer wants to close all ports
> > (for security purpose), except the 443 for ssl
> > connection.
> > Regards,
> >
> > Razan
> >
> > "Mark Wright" <mark.wright@ianywhere.com> a écrit dans
> > le message de news: 45e45d4a$1@forums-1-dub...
> >> Razan wrote:
> >>> Hi,
> >>> I am trying to connect a mobile device through a DMZ
> Proxy using HTTPS >>> with OneBridge 5.5
> >>> Is it possible ?
> >>> When I checked the "HTTPS support" on the OneBridge
> Service wizard, I get >>> "Server Connection Lost"
> message on the device using the specified port. >>> Have I
> missed something ? >>>
> >>> Razan
> >> Razan,
> >>
> >> The devices themselves need to connect to the DMZ Proxy
> over an HTTP port >> such as port 80. From the handheld
> to the proxy we do not support HTTPS, >> however our data
> is fully encrypted from end-to-end using AES 128 bit >>
> encryption. >>
> >> When you select HTTPS support in the service wizard
> this is making it so >> that OneBridge internal server is
> connecting to DMZ Proxy over an outbound >> connection to
> the DMZ Proxy using HTTPS (typically using port 443). If
> >> this port is not configured to be outbound to the DMZ
> Proxy machine then >> the communication will fail.
> >>
> >> You also need to make sure that your DMZ Proxy is aware
> of the internal >> server connecting to it. It sounds
> like you have this configured >> correctly though when
> not using HTTPS. >>
> >> Thanks
> >>
> >> Mark
> >
> >
> Because our information is already encrypted and we do not
> support SSL certificates on the device we cannot support
> HTTPS traffic to DMZ Proxy.
> We do support HTTP traffic to the DMZ, which typically
> will have at least port 80 open to the DMZ.
>
> To be clear; from the internal network, where the
> OneBridge server is installed, we support HTTPS over port
> 443 outbound only to the DMZ Proxy, no other ports need
> to be opened inbound or outbound from the internal
> network to the DMZ.
>
> We feel that this is a very secure solution.
>
> Thanks
>
> Mark

The customer wants to add a reverse proxy in front of the
DMZ Proxy:
device <-80-> reverse Proxy <-8080-> DMZ Proxy
<-443->OneBridge

Is this architecture supported ?

Razan