My customer is a small school in British Columbia. They have used the Successmaker program (written by Pearson Education) to teach numeracy and literacy skills. Since installing a SA520 the teachers are saying that Successmaker does not work properly.
I am at my wits end.
I have disabled content filtering for the SA520, I have disabled IDS on the SA520. I am using the default outbound firewall rule allowing inside addresses access anywhere on the Internet, and I have created an inbound firewall rule allowing all traffic and all services from the Successmaker server IP address that their tech support gave us.Their app is still unable to work properly.
What am I missing?
Before the SA520 was installed the school was using PAT to map different ports on the public IP on the school cable modem to inside addresses. The whole school was a big DMZ, and any port scanning would have reached into their network. The port mappings were never communicated to the Successmaker folks, so I doubt they were ever relevant to the issue. The Successmaker App is web based, and according to their tech support uses "transfer encoding:chunked" technology. I read up on this and it dates back pre Web 2.0 (pre flash, pre silverlight, pre basically the silicon chip). It is discussed in RFC 2616, the SA520 is Linux based, not IOS based. Does that mean that it does not understand RFC2616? I doubt it, and even if it didn't understand RFC 2616 surely all the steps I have taken above would blow a hole the size of a barn door through the firewall?
If this weren't a school would not be as emotionally connected as I am to their situation. Without this firewall they will be without much protection at all.
Can you help?
Message was edited by: dirkventer - I added the feedback received from Successmaker tech support. It suggests that the Cisco SA520 may be a problem, something I don't want to believe.