Configuring Firewalls to permit Multi-Tier Connectivity

If you use our Multi-Tier components through with a firewall, several ports must be opened to permit requests from Generic Clients to Request Broker and Database Agents (and their responses).

Some ports are user or admin configurable; some are not.

Unconfigurable Ports

TCP and UDP ports 60001 must be open. These ports are used by the Request Broker and the OpenLink License Manager, and cannot be changed.

Configurable Ports

Configurable ports are specified in the [Protocol TCP] section of your Session Rulebook (default, oplrqb.ini). You can use any text editor to open your Rulebook, and edit this section:

[Protocol TCP]
PingWatchdog       = No   
PingInterval       = 600   
;IPAddress          = 127.0.0.1    
Listen             = 5000
PortLow            = 5000
PortHigh           = 5025

• The Request Broker listens on the TCP port specified in the Rulebook as Listen. (Release 3.x and earlier listened at PortLow.)
  
• Listen and PortLow are generally best set to the same value.
  
• The Request Broker restricts Database Agents to use only ports in the range between (and including) those specified in the Rulebook as PortLow and PortHigh. Specific Agent ports are requested from and assigned by the operating system when an Agent is instantiated; they are not preemptively reserved.
  
• The span between PortLow and PortHigh is generally best set to twice the licensed number of Database Sessions. At minimum, this span should be the licensed number of Database Sessions plus 5 (and thus, not less than 10).

Related Documentation

• Firewall Considerations for Multi-Tier "Enterprise" Edition Data Access Drivers
  
• Error Message: Unable to contact the OpenLink License Manager
  
• OpenLink License Manager Networking Considerations
  
• Configure Multi-Tier Request Broker for Use on Machines with Multiple Network Cards