Perimeter & Network Segment Firewalls (Packet Filtering)

If you have not yet installed the SmartSync software, and your firewall is configured at your network/segment perimeter(s), please follow these steps:

To test if your firewall is correctly setup, run Powershell and enter the following command:

Test-NetConnection -ComputerName sftp.beanworks.ca -Port 22000 -InformationLevel Detailed | Out-File -FilePath (New-TemporaryFile).FullName

Then, navigate to C:\Users\<USER>\AppData\Local\Temp, where <USER> is the directory of the user that ran the Powershell command, and open the most recently created tmp file that corresponds to when you ran the command above, it’s naming will be something like tmpXXXX.tmp.

The contents of the file should look like the following:

1 2 3 4 5 6 7 8 9 10 11 12 13 ComputerName : sftp.beanworks.ca RemoteAddress : 35.182.34.253 // this is always one of the NameResolutionResults below RemotePort : 22000 NameResolutionResults : 35.182.34.253 // this may be different, it is a dynamically allocated IP of serverA behind loadbalancer 35.182.210.250 // this may be different, it is a dynamically allocated IP of serverB behind loadbalancer MatchingIPsecRules : NetworkIsolationContext : Internet IsAdmin : // can be ignored InterfaceAlias : // can be ignored SourceAddress : // can be ignored NetRoute (NextHop) : // can be ignored TcpTestSucceeded : True // this is important as you need TCP traffic to succeed in reaching our SFTP servers

If NameResolutionResults is not populated, there is an issue with being able to translate the DNS query to the allocated IPs. Highly unlikely except for conditions where there is a proxy server on-premise intercepting traffic.

Client Firewall (Application Gateway)

If you have installed the SmartSync software, and you are configuring an Application Gateway that requires an User ACL, please ensure that the following applications are whitelisted for the SmartSync Windows Logon User that you created, the credentials for whom you will have used to Log On to the services:

SmartSyncManager

SmartSync Connector

SmartSyncPollingService

SmartSyncConnectorService

Regarding Proxy Servers

Please do not allow your proxy server to TLS/SSL terminate traffic from sftp.sageapa.com, sftp.beanworks.ca, and auth.beanworks.com - this will result in erroneous behaviour within the SyncTool.

Did this answer your question?