cancel
Showing results for 
Search instead for 
Did you mean: 

Port 22 outbound blocked?

former_member104694
Participant
0 Kudos

Hi all,

I'm developing an app which needs to transfer some data via SFTP. Everything works fine in local runtime, however once published to HCP the connection times out while trying to create socket on port 22.

I've tried with a more than sufficient timeout (as well as no timeout), and have tested the connection to the same host on port 443 which works fine. So it appears the problem may be due to port 22 outbound being blocked rather than not having long enough to establish a connection. Can anyone confirm whether port 22 outbound is blocked for HCP accounts? The comments here suggest not, but these were made over two years ago so not sure if anything has changed since then. Below is part of the trace...


com.jcraft.jsch.JSchException: timeout: socket is not established

at com.jcraft.jsch.Util.createSocket(Util.java:394)

at com.jcraft.jsch.Session.connect(Session.java:215)

Many thanks.


Regards,

Ian

Accepted Solutions (1)

Accepted Solutions (1)

Andreas_Wiedema
Explorer
0 Kudos

Hi Ian,

Following the information in the HCP documentation here (section "Restrictions" at the end of the page) you are only able to use port numbers >1024 for HCP to internet connections. HTTPS port 443 is working as the communication via HTTPS is possible by default.

Hope this helps.

Kr,

Andreas

former_member104694
Participant
0 Kudos

Hi Andreas,

Thanks for your reply.

I was hoping that those restrictions only apply when using the provided connectivity service APIs for the protocols mentioned in the documentation.

I've done a bit of playing around and can actually connect outbound on port 22 to certain hosts...


SOCKET: Testing port 22 of address sftp4.successfactors.com

SOCKET: is connected? true

SOCKET: closing socket, goodbye...

SOCKET: Testing port 22 of address sftp8.successfactors.com

java.net.SocketTimeoutException: connect timed out (port 22 to address 65.221.8.45)

Are there firewall rules which allow outbound SFTP connection to particular hosts? Or is there something else I'm missing here? Both the above servers are in the US and my app is running on hana.ondemand.com.

Regards,

Ian

Andreas_Wiedema
Explorer
0 Kudos

Hi Ian,

I can just guess that there are some exceptions especially for other SAP cloud solutions like SFSF which are whitelisted.

Hopefully somebody from HCP PM or DEV team can give you more insights.

Kr,

Andreas

Vlado
Advisor
Advisor
0 Kudos

Let's ping and

Answers (0)