Versions Compared

Version Old Version 9 New Version 10
Changes made by

Helen Williams

Helen Williams

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel
panelIconId1f6a7
panelIcon:construction:
panelIconText🚧
bgColor#FFEBE6

This page was created to contain general notes/documentation for the CAS API and Slate integration that is CAS-agnostic. It is under construction.

...

  1. Go to https://ip-ranges.amazonaws.com/ip-ranges.json and copy the JSON file.

  2. Use a JSON converter to convert to an excel spreadsheet.

  3. Open the excel spreadsheet and use highlight text rules to identify any IP addresses that contain a CIDR notation between /0 and /15, then delete those from the spreadsheet (when this was done in 12/2023, there were only CIDR notations of 11 - 15). Slate will not allow these CIDR subnets for security reasons (they cover too wide a range of possible IP addresses, from 131,072 to 4,294,967,296 total IP addresses).

  4. Copy the column of IP addresses remaining and use a column to comma separated list converter to make the new list.

  5. In Slate, go to Database > Users > CAS/Liaison Service Account > Roles and scroll to the bottom where there is a field for “Allowed Networks.” Paste your comma separated list at the end, then save.

...

Allowed Networks (Deprecated January 2024)

Below are the IP addresses that are included in the “allowed networks” of existing CAS/Liaison Service accounts for future reference. It is unclear which exactly are used by the Liaison systems, the following list is provided for reference/troubleshooting.

...

Troubleshooting Connection Issues

https://knowledge.technolutions.com/hc/en-us/community/posts/20008552350875-SFTP-Issueshttps://help.liaisonedu.com/Integration/CAS_API/CAS_Slate_Integration/Go_Live_and_Future_Preparedness/04_Troubleshooting_Your_Integration

Some client connections for SFTP and direct SQL access were not allowed through the edge firewalls last night due to their IP authorization entries expiring. The process through which IP authorization entries are renewed runs as part of a recurring system process that includes other system activities such as provisioning Time Warp environments. Due to a series of excessively-large Time Warp environments that were provisioned, some of the authorization entries expired prior to the authorization entries being renewed. We have removed the Time Warp provisioning process from this series of system processes to ensure that these activities do not delay the IP authorization renewal process from running regularly. All IP authorization entries were up-to-date as of earlier this morning. We will be launching the new Time Warp and test environment provisioning process today which will begin provisioning these environments in a newly-distributed way, which should additionally help reduce the provisioning time going forward.

- Paul Turchan (Technolutions Director of Community Support), 11/22/2023

My initial hypothesis is that there's a new IP address in rotation which is the most common cause in a connection reset or timeout message on the sender side. You might reach out to the IT/Networking team to make sure there aren't new public IPs for this service.

If this is happening for a specific user account, let me know. We can check the logs to see if there's any pattern that can be discerned about when it's successful or not.

we're seeing 158 successful authentications in the last 7 days from a consistent IP address and zero failures. That's consistent with the behavior you and Aaron Pearson described where the connection is reset as it suggest the connection never made it to our SFTP (either blocked by something between us or at our firewall). Do you have a timestamp of when one of those resets occurred? That will help us investigate further.

Mary Ryan, could you give us a few more details on the errors you're encountering? A user unable to access files or directories on the SFTP could be that path restrictions are imposed but that would be a consistent failure for a particular user. Is that the behavior the Boomi account is experiencing? Or are you seeing something more intermittent?

Morning all, if you've ruled out a potential IP address change, it would be very helpful to share the user account experiencing the intermittent connection timeouts/resets and the timestamp of a failed connection attempt. That should allow us to continue investigating.

- Drew Flock (Technolutions Director of Engineering), 11/6-8/2023

Useful Forum Posts w/Issues:

https://knowledge.technolutions.com/hc/en-us/community/posts/19866677242011-Sporadic-SFTP-Connection-Issues-from-WebAdmit?page=1#community_comment_21430707785883

https://knowledge.technolutions.com/hc/en-us/community/posts/20598367843995-Anyone-else-having-issues-with-outgoing-Slate-SFTP-connections-

https://knowledge.technolutions.com/hc/en-us/community/posts/20008552350875-SFTP-Issues

Using Postman and Endpoints

...