In the last week or so, Ensign Support helped three customers with the following symptoms:
- Ensign connected to FXCM
- Ensign did not authenticate
- Ensign Chat would not work
- eChat would work
This indicates a possible firewall issue. Ensign Support remoted into their systems, and each situation had its own circumstances and details.
Servers in General
I'll also explain briefly how routers, switches, firewalls, etc. reroute ports. When a client (Ensign) communicates with a server (Chat Server), it says, in essence, "I want to communicate with you at IP 22.214.171.124 at port 11000."
When the connection hits the firewall / router of 126.96.36.199, I have Port Forwarding turned on, and it says, "Port 11000 goes to 'this' computer," which is on my network as 192.168.1.1. There is a program running there, the Chat Server, that is "listening" on port 11000 and awaiting traffic.
Back to the firewall / router (FR). This, and other devices, say that only one system can communicate on this port, 11000. So the conversation is taken to another port, and another port is assigned. Devices are intelligent enough to allow all of this behind the scenes. So your initial request is to 11000, but after the initial "hi" you may be continuing the conversation at, say, port 55617.
This user was at a bank or institution that had a high-end firewall, and the IT person was on the phone with Ensign Support. His problem was that his high-end firewall did not allow for the type of rerouting mentioned above. I could see him on the server, but it was not on the port he was expecting, as it had been rerouted. When the Chat Server sent a message back, it was not on the port it went out on. Now, simple firewalls just "know" that this is the return packet and allow it through. This high-end firewall did not allow it back in. After I explained this to the IT guy, he knew what was needed and went to work. It was non-trivial, and he got off the phone to do it. It would take him several hours, and he needed some approval to open the firewall up like that.
This person had the same symptoms. After logging onto their system, I noted they had three firewalls running: Windows Firewall, Norton and one other, BitWise or something like that. He said everything was working fine until he upgraded last month, and since then it has not worked. We set some rules in the Windows Firewall to allow for Ensign. This did not work. We shut down the Windows Firewall altogether. It still did not work. We shut down the Norton. It still did not work. We shut down the BitWise and then it worked. The BitWise firewall had a bogus flag set or had some other issue, and shutting it down was necessary. He uninstalled the BitWise firewall and kept the other two.
Same exact symptoms as above. The customer was running only the Windows Firewall on Windows 7. We set an inbound rule for Ensign as well as an outbound rule for Ensign. Nothing. We then reinstalled Ensign, which resets flags in the firewall upon rerunning. When the new Ensign ran, Windows checked the flags and said, "Hey... things are different. What are the rules for this difference..." and then proceeded with these rules. Normally reinstalling is not necessary. Normally there is not an issue, because a message pops up and says, "Do you want to allow this app to connect to the internet..." and you go from there. However, in the event that these firewalls have problems, these are some of the means Ensign Support has used to get customers working again.
There are many other situations, but if you understand what the firewall is doing and why, you can come up with clever ways to get them to work again.
Please let Ensign Support know if you have questions or would like me to try to explain something in more detail. Some of the confusion was that they were connecting to FXCM but not the authenticator or Chat... So, was the firewall letting Ensign through? No, only partially.
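One way to confirm the "only partially" pattern from the affected PC is to attempt an outbound TCP connection to each service separately and compare the results. The sketch below is an added example, not Ensign's own code. The host names and port 443 are placeholders (assumptions); only port 11000 comes from the text above.

```python
import errno
import socket

def probe(host, port, timeout=3.0):
    """Attempt one outbound TCP connection and classify what came back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"       # handshake completed, something is listening
    except socket.timeout:
        return "filtered"   # no reply at all: typical of a firewall dropping packets
    except ConnectionRefusedError:
        return "refused"    # active rejection: no listener, or a reject rule
    except OSError as exc:  # DNS failure, no route, and similar
        return "error: " + errno.errorcode.get(exc.errno, str(exc))
    finally:
        sock.close()

def diagnose(results):
    """Summarise {service name: probe status} into one line."""
    ok = sorted(n for n, s in results.items() if s == "open")
    bad = sorted(n for n, s in results.items() if s != "open")
    if not bad:
        return "all reachable"
    if not ok:
        return "nothing reachable: check the network link before the firewall"
    return "partial block: %s reachable, %s not" % (", ".join(ok), ", ".join(bad))

if __name__ == "__main__":
    # Placeholder endpoints (assumptions). Only port 11000 comes from the article.
    endpoints = {
        "data feed": ("feed.example.invalid", 443),
        "authenticator": ("auth.example.invalid", 443),
        "chat": ("chat.example.invalid", 11000),
    }
    results = {name: probe(h, p) for name, (h, p) in endpoints.items()}
    for name, status in results.items():
        print("%-14s %s" % (name, status))
    print(diagnose(results))
```

Running it once with each firewall enabled and again with that firewall shut down shows which product is responsible, the same elimination used in the three-firewall case above.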
Ensign Software, Inc., 113 Stillwater Drive, Idaho Falls, ID 83404 Support: 801-328-1382 Billing: 208-552-2230
(c) 2011 Ensign Software, Inc. All Rights Reserved
Last modified 8/4/11 3:05 PM