By default, the store-and-forward facility (the shipping server)
cannot operate through a firewall. Passing through a firewall is usually accomplished
by granting access to specific ports for certain IP addresses. Because the
shipping server picks any available port number on the sending and receiving
replica hosts to make the connection, there is no single port number (or even
small range of port numbers) to which special access can be granted.
If
your site uses a firewall, you can set up an “exposed host,” a host that you
configure to communicate through the firewall and on which you install the
shipping server software. You configure the shipping servers on the synchronization servers at your site to
send packets to the exposed host, and the shipping server on the exposed host
forwards the packets to hosts on the other side of the firewall. To maximize
security on the exposed host, you must specify the range of port numbers that
the shipping server can use.
Note: To enhance site security, install the shipping server on an exposed
host only if other transport methods are unsuitable for your site.
Figure 1 is an example
of an exposed host configuration. The exposed hosts communicate through the
firewall. The store-and-forward software is installed on them, but
Rational® ClearQuest® software
is not installed on them.
Figure 1. Store-and-forward configuration