KNOWLEDGE BASE ARTICLE

Ensuring Secure and Efficient Network Traffic for Umango

Proper network configuration is crucial for the optimal functionality of Umango's embedded apps on multifunction devices, especially when securing communication via HTTPS. This article outlines the challenges and solutions associated with network traffic routing, ensuring that your devices communicate securely and efficiently with the Umango server without unnecessary external routing.

Understanding the Challenge

With HTTPS enabled, a common challenge arises due to the way network traffic is routed. Typically, signed certificates are bound to a domain in a global DNS, causing the device's communication to be inadvertently directed outside the Local Area Network (LAN), loop through the global DNS, and then re-enter the LAN to reach the Umango server. This rerouting masks the device's local IP address, making it appear as an external IP address. The implications of this misrouting are significant:

  • Job Source Recognition: Umango needs to identify the device's local IP address to validate it as an assigned job source.
  • Session Management: Umango depends on the device IP for session management, as not all manufacturers support cookies in their embedded browsers. Identical external IP appearances disrupt this process, leading to potential data integrity issues.
  • Device Compatibility Checks: Upon loading the Umango app, an SNMP probe assesses the device's capabilities and settings. A failed SNMP probe, resulting from incorrect IP routing, triggers a "Driver not found" error, as these probes cannot operate over the internet.

Solutions for Secure and Localized Traffic

To address these challenges, we propose two main solutions that ensure traffic remains secure and local:

  1. Implementing a Reverse Proxy:
    • What is a Reverse Proxy? A reverse proxy server is a go-between for requests from clients seeking resources from a server. It routes traffic coming from multifunction devices to the appropriate server within the LAN.
    • Configuration Overview: To keep traffic local and maintain original IP information, configure a reverse proxy that directs incoming requests to the Umango server within the LAN. This method preserves the local IP addresses and ensures secure communication.
  2. Assigning an FQDN to the Umango Server:
    • The Role of FQDN: A Fully Qualified Domain Name (FQDN) is a complete domain name that specifies its exact location in the hierarchy of the Domain Name System (DNS). Assigning an FQDN to your Umango server ensures that the device requests are routed directly within the LAN.
    • Configuration Steps: Set up your internal DNS server to resolve the Umango server's FQDN to its local IP address. This prevents requests from being sent outside and maintains secure, internal traffic flow.
    • Guidelines: Detailed guidelines on FQDN setup can vary depending on the environment. Consult your network administrator or refer to specific DNS management documentation.

Troubleshooting

If you encounter issues, such as persistent SNMP probe failures or session mismanagement, verify your configuration settings for both the reverse proxy and FQDN. Ensure that the network's internal DNS server correctly resolves the FQDN to the Umango server's local IP address.

Conclusion

Correct network traffic routing is paramount for the seamless and secure operation of Umango on multifunction devices. Implementing a reverse proxy or assigning an FQDN to the Umango server are effective solutions to ensure secure, local, and efficient communication, safeguarding data integrity and device functionality.

Link to this article http://umango.com/KB?article=134