Answer the question
In order to leave comments, you need to log in
What Internet access should be opened for 1C and its services?
Let me explain my question.
There are several accountants who work with the 1C Accounting 2.0 or 3.0 program.
Access to the Internet on the PC of these employees is organized by means of a proxy server, as well as for a number of sites such as nalog.ru, etc., access is open directly (through a router - gateway). But, despite all attempts to open access only to certain ip addresses, 1C cannot connect to the Internet to perform a number of operations.
For example, in Accounting 2.0, this is a service for checking counterparties - Reports --> Regulated report --> VAT declaration.
From the code, and from tcpview, I figured out that this request goes to npchk.nalog.ru , I also found ws.unisoft in the code , apparently this is the namespace.
Since I don’t quite understand which of the methods 1C goes to the Internet gave full access to *.nalog.ru on the proxy server, as well as calculating ip (nslookup npchk.nalog.ru - 81.177.31.8) and gave access to it on the gateway . All to no avail, I give full access to the gateway and everything works. I conclude that 1C doesn’t give a damn about the proxy server, it goes straight (NAT), but it’s not clear where. The difficulty is that on the gateway I can not give access by host name, only by ip.
In general, if someone has a list of host names, or even better ip addresses that 1C uses in its work, please share. Thank you.
Answer the question
In order to leave comments, you need to log in
The problem is solved, but first I want to inform you that I could not get the service to check counterparties through the gateway, opening access only to the necessary resources, although it is possible that I still missed some.
In my list, these were the following IP addresses
:
npchk.nalog.ru
oasis-open.org
schemas.xmlsoap.org
api.orgregister.1c.ru
api.taxregister.1c.ru
api.orgaddress.1c.ru
I missed something, maybe the rule on the gateway just doesn't work somewhere. Nuances can be many.
The issue was resolved by specifying authorization settings on the reporting proxy.
To do this in the configuration of 1C BP 2.0 (and I think 3.0 too), you need to go to the menu:
Reports --> Scheduled report. Next, click the "Settings" button, and then in the window that opens, in the "Document management with regulatory authorities" field, click on the link "here". Next, specify the authorization settings on the proxy server.
Thanks to all.
and what prevents the server from 1c from opening full access to the Internet on the gateway?
For services for checking counterparties by TIN and for filling in addresses for KLADR 1C, the following nodes are used:
api.orgregister.1c.ru
api.taxregister.1c.ru
api.orgaddress.1c.ru
To send reports via Kaluga-Astral, the following nodes are used:
key.astralnalog .ru
report.astralnalog.ru
and a few more (change from configuration to configuration)
If you don't want to open at all, then at least turn on the logs on the proxy and catch all rejects there. Well, a proxy is evil, more problems.
Is the proxy server registered in 1C?
Administration - General settings - Internet access settings
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question