Wallet behind corporate firewall #403
Comments
Encountered another lawyer who had this same problem. She was able to figure out that she needed to turn off wifi when at work and that it works fine at home.
To clarify, nodes on an indy-node network can be using any ports in the range of 9700 to 9799 for either of their node and client ports. There is a very loose convention that nodes use 9701 for their internode communications and 9702 for their client communications. For example all of the nodes in the CANdy networks conform to the 9701 (node) and 9702 (client) convention, however there are several nodes on the Sovrin networks that use other ports in the allowed range. It all depends on the network and the Steward. A few examples:
When you're speaking with security folks about this you need to explicitly indicate that they ONLY need to allow outbound traffic on the port range 9700-9799, which is a relatively safe thing to do. They can continue to block inbound traffic on those ports. The clients, the wallets in this case, only need to be able to reach out to establish the connection (outbound). There will NEVER be a case where a node attempts to make a connection (inbound) to a client. You may also get some security folks wanting to know the IP addresses of the nodes so they can specify them in their firewall rules. This is not practical as nodes will come and go from a given network over time and the IP addresses of some nodes may even change over time as a Steward migrates to a different hosting platform. You would end up having issues with clients failing to connect to a given network over time that would be exceedingly difficult to troubleshoot. It also does not make a lot of sense since it's only outbound connections that need to be opened.
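An added example, not part of the thread or of any project mentioned in it: a small check that reads a pool genesis file, lists the client ports a wallet must reach outbound, and flags any outside the 9700-9799 range described above. It assumes the indy-node JSON-lines genesis format with `client_ip` and `client_port` fields; the sample transactions are constructed, trimmed to the fields used, and use documentation-only IP addresses.

```python
import json
import socket

ALLOWED = range(9700, 9800)  # port range stated in the comment above

# Constructed sample: two pool genesis transactions with placeholder
# addresses (TEST-NET ranges), not taken from any real network.
SAMPLE_GENESIS = """\
{"txn":{"data":{"data":{"alias":"NodeA","client_ip":"192.0.2.10","client_port":9702,"node_ip":"192.0.2.10","node_port":9701,"services":["VALIDATOR"]}},"type":"0"},"ver":"1"}
{"txn":{"data":{"data":{"alias":"NodeB","client_ip":"198.51.100.7","client_port":9744,"node_ip":"198.51.100.8","node_port":9743,"services":["VALIDATOR"]}},"type":"0"},"ver":"1"}
"""

def client_endpoints(genesis_text):
    """Return (alias, ip, port) for each node's client-facing endpoint."""
    endpoints = []
    for line in genesis_text.splitlines():
        if not line.strip():
            continue
        data = json.loads(line)["txn"]["data"]["data"]
        if "client_ip" in data and "client_port" in data:
            endpoints.append((data["alias"], data["client_ip"], int(data["client_port"])))
    return endpoints

def egress_summary(endpoints):
    """Ports a wallet must reach outbound, and any outside 9700-9799."""
    ports = sorted({port for _, _, port in endpoints})
    unexpected = [p for p in ports if p not in ALLOWED]
    return {"ports": ports, "unexpected": unexpected}

def probe(ip, port, timeout=3.0):
    """Try one outbound TCP connection; True if the handshake completes."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    eps = client_endpoints(SAMPLE_GENESIS)
    print(egress_summary(eps))
    for alias, ip, port in eps:
        print(alias, ip, port, "reachable" if probe(ip, port) else "blocked or down")
```

Run from inside the corporate network against the real genesis file for the target ledger, a failed `probe` on every node while the same check passes from home points at egress filtering rather than at the wallet.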
need to have a conversation with Stephen and Andrew @jeffaudette will reach out to the ent apps team when we are ready for this, will be after the performance issues are resolved
@cvarjao sm\po
Closing as duplicate as this is being addressed by #2023
There was at least one instance where SSI wallets (including Trinsic) do not work on a corporate network/wifi. We may need to investigate what the network requirements are.
Problem:
(WIP) It looks like a mobile wallet accesses non-HTTP/HTTPS (ports 80/443) endpoints, which might not be allowed by some corporate firewalls. The initial assumption is that access to the ledger is through a non-HTTP/HTTPS port.
Workaround
Proposed Solution
https://github.com/2060-io/credo-ts-indy-vdr-proxy