S2S initiates connections both ways?

I’m trying to get S2S set up between two internal corporate domains. One is a low security development domain, the other is a more secure production domain. For obvious reasons there is a firewall between them. The network admins opened 5269 from the production domain into the development domain but no traffic is allowed in the other direction. When I attempt to send a message from the production domain to the development domain I see an “outgoing” connection established from production into development but no incoming connection. This makes sense if in response to the production server’s connection the development server is trying to initiate its own connection to the production server.

Is that how Wildfire S2S works? I’ve skimmed the XMPP RFCs and I don’t see anything that requires that both parties to an S2S interaction initiate their own connections. Am I missing something or is this a Wildfire design choice?

Thanks … WkH


I wonder if it helps to disable Server Dialback (Security Settings, Server Connection Security, Custom).


Actually dialback is disabled. TLS, however, is set to “Required”. What I’m really wondering is whether this is Wildfire specific behavior or if it is called out in the spec.

Thanks … WkH