firewall vs Soap (electronic billing API)

Question

This is a complex question since it includes configuration and programming at the same time, but neither Sophos support nor the electronic billing service (consumer API) have given me an answer.

context/scenario:

I have an HP dedicated server with a LAMP setup in my office which, like all the computers, is behind a Sophos firewall and I am trying to consume EXTERNAL electronic billing API through the SOAP Client using PHP.

The PHP scripts that are executed are the following:

• enviroment:

ini_set("soap.wsdl_cache", 0);
ini_set("soap.wsdl_cache_enabled", 0);
ini_set('max_input_time', -1);
ini_set('default_socket_timeout', 600);

• for quality

$url = 'https://url.com/ws/obj/v1.0/Service.svc?singleWsdl';
$ws = new SoapClient($url );

• for development

$url = 'https://url.com/ws/obj/v1.0/Service.svc?singleWsdl';
$ws = new SoapClient($url , [
    'trace'              => true,
    'keep_alive'         => false,
    'connection_timeout' => 600,
    'cache_wsdl'         => WSDL_CACHE_NONE,
    'compression'        => SOAP_COMPRESSION_ACCEPT | SOAP_COMPRESSION_GZIP | SOAP_COMPRESSION_DEFLATE,
]);

• consumption of the method assigned by the api service:

    $tokenCompany= '******************';
    $tokenPassword = '******************';
$parametros = [
    'tokenEmpresa'  => $tokenCompany,
    'tokenPassword' => $tokenPassword,
    'documento'     => $bill,
];

$result = $wsPa->__soapCall('Enviar', [$parametros]);

result of execution outside the network (without firewall)

• Last Request:

kqyyyeverpza_tfhkal+?+X66Xd1d;000010101000000350012023-11-02T08:32:56-05:00011111111Prueba de Información de interés012155596713-2-201559FE generalAv. Balboa1-2-3Bocas del ToroChanguinolaGuabito997-8243wnunez@avipacinc.comPACuadernosTund1.002020-12-251410cm1.000.001.000.000.001.0000.0001.00000.000.000.00CuadernosTund1.002020-12-251410cm1.000.001.000.000.001.0000.0001.00000.000.000.002.000.000.000.002.402.400.00122.40022.40

• Header of the Request:

string(273) "POST /ws/obj/v1.0/Service.svc HTTP/1.1 Host: url.com Connection: close User-Agent: PHP-SOAP/7.4.33 Accept-Encoding: gzip, deflate Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/IService/Enviar" Content-Length: 4516

• Last Response

string(1189) "102errorEl documento está duplicadoFE0120000033159-58-250697-1000002023110200000000350010128662140712https://dgi-fep-test.mef.gob.pa:40001/Consultas/FacturasPorQR?chFE=FE0120000033159-58-250697-1000002023110200000000350010128662140712&iAmb=2&digestValue=OMl5rShuhLn3NPsqci+GgAIOmwrwAlEgupAz07KcM0Y=&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaEZFIjoiRkUwMTIwMDAwMDMzMTU5LTU4LTI1MDY5Ny0xMDAwMDAyMDIzMTEwMjAwMDAwMDAwMzUwMDEwMTI4NjYyMTQwNzEyIiwiaUFtYiI6IjIiLCJkaWdlc3RWYWx1ZSI6Ik9NbDVyU2h1aExuM05Qc3FjaStHZ0FJT213cndBbEVndXBBejA3S2NNMFk9In0.PPrSt0j7-CYWKY6U_cWl--YCSQtSFOh8Ujm_f_EuqY42023-11-02T07:11:430000155596713-2-201520230000000005329969"

• Response Header

string(284) "HTTP/1.1 200 OK Date: Thu, 02 Nov 2023 13:32:57 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 969 Connection: close Cache-Control: private Content-Encoding: gzip Vary: Accept-Encoding Server: Microsoft-IIS/10.0 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET

note: What we are trying to evaluate is the communication, not whether the billing system correctly handles the document, see the next point.

result of execution inside the network (with firewall) ERROR

• Last Request:

kqyyyeverpza_tfhkal+?+X66Xd1d;000010101000000350012023-11-02T08:32:56-05:00011111111Prueba de Información de interés012155596713-2-201559FE generalAv. Balboa1-2-3Bocas del ToroChanguinolaGuabito997-8243wnunez@avipacinc.comPACuadernosTund1.002020-12-251410cm1.000.001.000.000.001.0000.0001.00000.000.000.00CuadernosTund1.002020-12-251410cm1.000.001.000.000.001.0000.0001.00000.000.000.002.000.000.000.002.402.400.00122.40022.40

• Header of the Request:

string(273) "POST /ws/obj/v1.0/Service.svc HTTP/1.1 Host: url.com Connection: close User-Agent: PHP-SOAP/7.4.33 Accept-Encoding: gzip, deflate Content-Type: text/xml; charset=utf-8 SOAPAction: "http://tempuri.org/IService/Enviar" Content-Length: 4516

• Last Response

NULL

• Response Header

NULL

• Error Output:

SoapFault exception: [HTTP] Error Fetching http headers in /var/www/html/test.php:613 Stack trace: #0 [internal function]: SoapClient->__doRequest() #1 /var/www/html/test.php(613): SoapClient->__soapCall() #2 {main}

So I've reached the point where I don't know what to do, I thought about two things:

• Determine if the Sophos firewall requires additional configuration to pass the API headers / response by transparent rule.

• Determine if need to add anything additional to the SOAP client configuration to prevent the firewall from blocking API consumption (response headers).

Neither support knows what to do, much less me, if anyone with experience has dealt with this I would appreciate at least a comment or response.