%META:TOPICPARENT{name="InstallConfigODBC "}% = Firewall Considerations for Multi-Tier "Enterprise" Edition Data Access Drivers = * The Request Broker host must accept (and all intervening firewalls must permit) inbound connections from all client hosts (and from the Request Broker host itself) to (and responses from) -- #* TCP port **{{{60001}}}**, in all Releases; #* UDP port **{{{60001}}}**, in all Releases; #* TCP port **{{{5000}}}**, in Release 3.x and earlier; #* TCP port specified by Rulebook setting **{{{[Protocol TCP]:Listen}}}** in Release 4.x and later; default is **{{{5000}}}**; and #* TCP ports between Rulebook settings **{{{[Protocol TCP]:PortLow}}}** (default **{{{5000}}}**) and **{{{[Protocol TCP]:PortHigh}}}** (default **{{{60000}}}**) (including the port numbers specified for these settings). * The Generic Client hosts (and all intervening firewalls) must permit outbound connections to (and responses from) the Broker host on -- #* TCP port **{{{5000}}}**, in Release 3.x and earlier; #* TCP port specified by Rulebook setting **{{{[Protocol TCP]:Listen}}}** in Release 4.x and later; default is **{{{5000}}}**; and #* TCP ports between Rulebook settings **{{{[Protocol TCP]:PortLow}}}** (default **{{{5000}}}**) and **{{{[Protocol TCP]:PortHigh}}}** (default **{{{60000}}}**) (including the port numbers specified for these settings). * If the Database Agent makes a network connection to the target DBMS (in a "three-tier" or "gateway" deployment), the database server host must accept (and all intervening firewalls must permit) inbound connections on the DBMS listen port(s) (e.g., **{{{5432/tcp}}}** for PostgreSQL; **{{{1433/tcp}}}**, **{{{1433/udp}}}**, **{{{1434/tcp}}}**, and **{{{1434/udp}}}** for SQL Server, etc.). * If you have a stateful firewall, return packets from the Request Broker and Database Agents to the clients should be taken care of automatically. If not, you will also have to address the ephemeral client-side ports. * The Multi-Tier Admin Assistant listens at TCP port **{{{8000}}}** by default. This is configurable, via the {{{HttpPort}}} setting in the {{{[Startup]}}} stanza of the {{{www_sv.ini}}} file, typically found in the {{{w3config}}} subdirectory of the {{{bin}}} directory containing the Broker executable, {{{oplrqb}}}. == Related Documentation == * [[ConfigureServer-sideFirewallsForMulti-TierConnectivity | Configuring Server-side Firewalls for Multi-Tier Connectivity]] * [[UnableContactLicenseManager | Error Message: Unable to contact the OpenLink License Manager]] * [[OplmgrNetworking | OpenLink License Manager Networking Considerations]] * [[ConfigureMulti-TierRequestBrokerForUseOnMachinesWithMultipleNetworkCards | Configure Multi-Tier Request Broker for Use on Machines with Multiple Network Cards]]