Webhook NAT through Firewall to internal network

Comments

2 comments

  • cbetta

    Sorry, I have no experience with this. I’ve previously done something similar on AWS architecture, so it’s definitely possible.

  • pjearl

    Hey, thanks for the encouragement! 🙂

    This is an interesting situation where I'm working at a corp. with all the safeguards to keep our internal network secure, which appear to me to be 'normal': DMZ, firewalls, etc. Traffic coming in that is initiated from without is set up with NAT (Network Address Translation). The externally exposed IP address is translated to an internal address and domain names are not used. The post is to a URL with the external IP address, and I see the traffic reaching our internal server (internal IP address) on port 443 with Microsoft Message Analyzer. The internal server has the required CA SSL Certification (not internal CA), but it is associated with the internal domain name. So we are looking at ways to associate the internal IP address with the domain name on the Cert. Even internally, posting with Postman using the IP in the URL we get "There was an error connecting", but using the domain name in the URL works.

    Creating the Webhook is working. The webhook notification is being sent. Box.com support checked their logs for us; they are getting an HTTPS status 503 in response: "The server is currently unavailable (because it is overloaded or down for maintenance)." But running a request internally using the internal domain name works.

    So I am down to the SSL Certificate being the issue for lack of any alternative indicators.

     

    0
    Comment actions Permalink
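The name check behind the IP-versus-domain behaviour described in the post above, as an added example that is not part of the original thread: a validating TLS client compares an IP literal in the URL only against `IP Address` subject alternative names, never against DNS names. The host names and the address below are constructed placeholders, and the certificate dicts are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert():
# a certificate issued for an internal DNS name only (names are placeholders).
CERT_DNS_ONLY = {
    "subject": ((("commonName", "hooks.corp.example"),),),
    "subjectAltName": (("DNS", "hooks.corp.example"), ("DNS", "*.api.corp.example")),
}
# Constructed: the same certificate reissued with an IP Address SAN added.
CERT_WITH_IP = {
    "subject": ((("commonName", "hooks.corp.example"),),),
    "subjectAltName": (("DNS", "hooks.corp.example"), ("IP Address", "203.0.113.10")),
}

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole leftmost label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert, url_host):
    """Return (ok, reason) for whether the cert's SANs cover the URL's host."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(url_host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only against IP Address SANs, never DNS names.
        listed = [v for k, v in sans if k == "IP Address"]
        ok = any(ipaddress.ip_address(v) == ip for v in listed)
        return ok, f"IP SANs: {listed or 'none'}"
    listed = [v for k, v in sans if k == "DNS"]
    ok = any(_dns_match(v, url_host) for v in listed)
    return ok, f"DNS SANs: {listed}"

if __name__ == "__main__":
    for cert_name, cert in (("dns-only", CERT_DNS_ONLY), ("with-ip", CERT_WITH_IP)):
        for host in ("hooks.corp.example", "203.0.113.10"):
            print(cert_name, host, cert_covers(cert, host))
```

To run the same check against a live endpoint, pass the dict from `getpeercert()` on a connected, verified socket in place of the constructed samples.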
