Reverse Invoke / outbound messages

Hi everybody,

when implementing the Reverse Invoke for outbound/inbound messages we authorized both out RI machine and the partner machine to communicate through the specified public IP/port. then the partner can send a message to our RI, and the inbound message is received in the internal IS.

the problem is with outbound messages, we use wm.EDIINT:send that sends the messages directly to the partner through the delivery method, but the the distant machine isn’t authorized in our firewall. the only possibility today is to pass through the RI.

Is the RI responsible for the delivery of outbound messages as well? what is recommended in this case? (best practice)


Yes you can send outbound through RI but you may need to add an extra steps from Internal to RI and send outbound delivery from RI (proxy)–> to the Partner and this is not usual even though you send direct to the TP since you are on AS2 already it is encrypted data…


unless you have your own code on RI, all outbound request will not go through RI. They will directly reach your partner’s IP. So you have to open your firewall for outbound connections for those IP.
outbound connections are not regarded as security threat normally.


thank you rmg, Tong Wang or your usual support.

our customer rejected neither the possibility to open the firewall to directly reach the TP, nor the use of an existing third HTTP proxy (it’s the only proxy used for Internet connections) for outbound messages.

the only possibility remaining for us is the use of RI to send those messages. can you please list me the drawbacks of this option, and the steps to follows to send a message successfully through RI?

i have realized that it’s pretty complicated since you’ll have to manage some technical aspects such as encryption, signature…

Kind regards

Yes going thru RI outbound message you may need EDIINT module install on the RI side as well since you send HTTP to RI and then inturn RI send AS2 to the customer.


RI is really for handling inbound load only.
you use it as a delivery service, that means creating code on RI for delivery and create code on internal server for sending to RI server.

I still suggest you to try to convince your client to open firewall for outbound connections.
3rd party proxy should be considered if the firewall is not an option.

Yes those are the only 2 options for sending outbound traffic securly.

Mostly do the outbound open firewall to the particular connection desired and send it across.