000019706 - Which ports should be opened through firewall to allow Replication from Primary to Replica?

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 22, 2017.
Version 2

Article Content

Article Number: 000019706
Applies To:
  Microsoft Windows
  UNIX (AIX, HP-UX, Solaris)
  RSA Authentication Manager 6.0
  RSA ACE/Server
  Port 5580/TCP for RSA ACE/Server offline authentication
Issue: Which ports should be opened through firewall to allow Replication from Primary to Replica?

Resolution: The firewall rules should reflect two-way communication between the Primary and Replica.

The firewall needs a rule that allows the Primary ACE/Server to talk to each Replica, and a rule that allows each Replica to talk to the Primary ACE/Server, through the following ports:

securidprop_xx   Primary          1024 - 65535/tcp  -->  55xx/tcp (5506...5516)    Each Replica
                 Each Replica     55xx/tcp          -->  1024 - 65535/tcp          Primary

sdlog            Primary          1024 - 65535/tcp  -->  5520/tcp                  Each Replica
                 Each Replica     5520/tcp          -->  1024 - 65535/tcp          Primary

sdserv           Primary          1024 - 65535/tcp  -->  5530/tcp                  Each Replica
                 Each Replica     5530/tcp          -->  1024 - 65535/tcp          Primary

The ACE/Server Primary Lock Manager must have a rule that allows it to talk to each Replica. Each Replica's Lock Manager must also be able to communicate locking calls to every other Replica's Lock Manager. The Lock Manager communicates on 5560/TCP, so you must create a rule that lets the Primary and each Replica communicate with each other on that port.

sdlockmgr        Primary           1024 - 65535/tcp -->  5560/tcp                  Each Replica
                 Each Replica      5560/tcp         -->  1024 - 65535/tcp          Primary                

You must also have a similar rule for communication from each Replica to all other Replicas in your Realm:

sdlockmgr        Each Replica      1024 - 65535/tcp -->  5560/tcp                  Each Replica
                 Each Replica      5560/tcp         -->  1024 - 65535/tcp          Each Replica
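
The tables above expanded into a concrete rule list for one realm, as an added example that is not part of the original RSA article. The function name `build_rules`, the `stateless` switch and the addresses (constructed, from the 192.0.2.0/24 documentation range) are assumptions; with `stateless=False` only the connection-initiating rows are emitted, on the assumption that a stateful firewall permits the reply traffic itself.

```python
import ipaddress
from itertools import permutations

EPHEMERAL = "1024-65535"
# Destination ports exactly as listed in the article's tables (all TCP).
PRIMARY_TO_REPLICA = {
    "securidprop_xx": "5506-5516",
    "sdlog": "5520",
    "sdserv": "5530",
    "sdlockmgr": "5560",
}
LOCKMGR_PORT = PRIMARY_TO_REPLICA["sdlockmgr"]


def build_rules(primary, replicas, stateless=True):
    """Return (service, src, sport, dst, dport) tuples for one realm."""
    primary = str(ipaddress.ip_address(primary))
    replicas = [str(ipaddress.ip_address(r)) for r in replicas]
    hosts = [primary] + replicas
    if len(set(hosts)) != len(hosts):
        raise ValueError("primary and replica addresses must all be distinct")

    rules = []

    def allow(service, client, server, port):
        rules.append((service, client, EPHEMERAL, server, port))
        if stateless:
            # Second row of each pair in the article: replies from the
            # service port back to the initiator's ephemeral port.
            rules.append((service, server, port, client, EPHEMERAL))

    for replica in replicas:
        for service, port in PRIMARY_TO_REPLICA.items():
            allow(service, primary, replica, port)
    # Lock Manager full mesh: every Replica to every other Replica.
    for src, dst in permutations(replicas, 2):
        allow("sdlockmgr", src, dst, LOCKMGR_PORT)
    return rules


if __name__ == "__main__":
    # Constructed addresses from the 192.0.2.0/24 documentation range.
    for svc, src, sport, dst, dport in build_rules(
            "192.0.2.10", ["192.0.2.21", "192.0.2.22"]):
        print(f"{svc:<15}{src:<13}{sport:>11}/tcp --> {dst:<13}{dport}/tcp")
```

Because of the Replica-to-Replica Lock Manager mesh, the rule count grows with the square of the number of Replicas, so generating the list is less error-prone than writing it by hand.
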
Legacy Article ID: a3931