
FIX Gateway Connections

Issue

The FIX Client complains about the connection to Ember's FIX Gateway.

Troubleshooting Options

To troubleshoot this issue, follow the steps outlined in this document.

Before you begin, take note of the client's SenderCompID(49) and dedicated FIX port. Both should be assigned in ember.conf.

Step 1: Check the Ember Log

In the Ember logs, check for any errors associated with the client's SenderCompID or port number.

If you do not see any logging, you likely have a networking problem. Continue to Step 2: Do a TELNET Test.

If you do see errors, the error message should point to the cause (for example, wrong password, SessionCompID mismatch, or client already connected).

Common Pitfalls

Some common pitfalls include:

  • A port mix-up at the network configuration infrastructure level. For example, AWS NLB has an incorrect mapping of the listen/target ports.
  • FIX Session parameters are mixed up. Check that they are configured correctly, especially TargetCompID(56) and SenderCompID(49). Remember that these tags are relative:
    • For inbound FIX messages, SenderCompID identifies the client that is trying to initiate a session and TargetCompID identifies the FIX Gateway.
    • For outbound FIX messages, tags are reversed. The FIX Gateway acts as the Sender and the client acts as the Target.
  • The client is trying to connect outside the scheduled FIX session active hours. Check whether a FIX session schedule is defined in ember.conf and whether the client is trying to connect during the session's active time.

Step 2: Do a TELNET Test

Check whether the client can use TELNET to connect to the host and port designated by the FIX Gateway.

If TELNET responds with a Connection timeout:

  • Check your firewall or Security Group to make sure the client's source IP range is allowed to connect to the session port.
  • Check your VPN or direct connect.

If TELNET establishes a connection, proceed to Step 3: Do an SSL/TLS Test.

Step 3: Do an SSL/TLS Test

In most cases, FIX traffic is protected with SSL/TLS.

To do an SSL/TLS test:

  1. Make sure the client is using TLS 1.2+ software to establish the FIX connection.
  2. Read TLS logs to see if there are any mismatches in TLS versions and ciphers.
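The Step 2 and Step 3 checks can be run as one staged probe from the client's side. The Python below is an added example, not code from Ember or the FIX Gateway Administrator Guide; the host name, port 9001, and the function and stage names are assumptions. It goes slightly beyond the steps above by reporting an untrusted server certificate separately from a version or cipher mismatch.

```python
import socket
import ssl

# Stage -> where to look next (hints follow the steps in this document).
HINTS = {
    "tcp_timeout": "firewall / Security Group, VPN or direct connect",
    "tcp_refused": "nothing listening: check listen/target port mapping",
    "tcp_error": "name resolution or routing to the gateway host",
    "tls_cert_untrusted": "server certificate not trusted by this CA store",
    "tls_handshake_failed": "TLS version or cipher mismatch; read the TLS logs",
}

def classify(exc, during_tls):
    """Map an exception raised by the probe to a troubleshooting stage."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls_cert_untrusted"
    if during_tls:
        return "tls_handshake_failed"  # includes resets and timeouts mid-handshake
    if isinstance(exc, socket.timeout):
        return "tcp_timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "tcp_refused"
    return "tcp_error"

def probe_fix_port(host, port, timeout=5.0, cafile=None):
    """Return (stage, detail) for one TCP connect followed by a TLS handshake."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        stage = classify(exc, during_tls=False)
        return stage, HINTS[stage]
    # Default context verifies the certificate chain and the host name.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # Step 3: TLS 1.2+
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls_ok", f"{tls.version()} {tls.cipher()[0]}"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        stage = classify(exc, during_tls=True)
        return stage, f"{HINTS[stage]} ({exc})"
    finally:
        sock.close()

if __name__ == "__main__":
    # Placeholder host and port: use the values assigned to the session in ember.conf.
    print(probe_fix_port("fix-gateway.example.internal", 9001))
```

If the gateway certificate is issued by a private CA, pass that CA bundle as cafile so that certificate verification stays enabled during the test.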

Advanced Troubleshooting

Each FIX session is designated a specific server port. You can try capturing all TCP traffic to and from this port using tools like TCP Dump or Wireshark. See the FIX Gateway Administrator Guide for examples.

As an alternative to TCP Dump or Wireshark, you can enable the VPC flow log if you are hosting your environment in AWS. This feature is explained in Appendices A and B of the FIX Gateway Administrator Guide.