This document describes the MassCHIP communications architecture, firewall configuration requirements and an overview of troubleshooting communications from secured sites. It provides general guidance for firewall administrators and is not intended to be a tutorial on the overall issues of firewall installation, configuration or security. This document is intended for network and firewall administrators.
The troubleshooting process documented below has been used repeatedly, and has been shown to dramatically shorten the process of troubleshooting firewall configuration problems. Please review this document and follow the enclosed troubleshooting process before requesting assistance with MassCHIP connectivity issues from firewall-secured sites.
MassCHIP Communications Architecture Overview
MassCHIP is an interactive query application that provides access to a data warehouse of information related to health statistics in Massachusetts. The MassCHIP application is a traditional client-server system, utilizing an SQL database engine on the "back end".
Although the MassCHIP client is downloaded from a web page, MassCHIP is not a native web application. The communication from the MassCHIP client to the MassCHIP server is a client-server, SQL database connection. The client does not communicate to the server using web server technologies.
Access to MassCHIP is through a TCP/IP Internet connection so that users connect from any location.
Firewall Configuration Requirements
MassCHIP requires that clients within the secured site be able to access the MassCHIP server on IP port 1433 at TCP/IP address 22.214.171.124. Firewall vendors use different terminology at the same time the general configuration requirements are the same. Whether the vendor calls the item to be created a "service", a "rule", a "tuple" or some other phrase, the following capabilities will need to be enabled:
- IP Addresses within the secured site will need to be able to initiate conversations with the server at 126.96.36.199 on IP port 1433.
- The server will need to be able to reply from its port 1433 to ports on the client system.
Please note: At this time MassCHIP does not support connections that are forced to pass through a TCP/IP proxy server.
This information is provided by MassCHIP within the Department of Public Health.