Did this article resolve your question/issue?


Your feedback is appreciated.

Please tell us how we can make this article more useful. Please provide us a way to contact you, should we need clarification on the feedback provided or if you need further assistance.

Characters Remaining: 1025



What ports need to be open for OpenEdge Replication through a firewall

« Go Back


Article Number000019258
EnvironmentProduct: Progress OpenEdge
Version: All supported versions
OS: All supported platforms
Question/Problem Description
What ports need to be open on a firewall for OpenEdge Replication target database server
Is there an additional port or range of ports that need to be opened on the firewall in order for OpenEdge Replication Server process to communicate with the OpenEdge Replication Target?
Steps to Reproduce
Clarifying Information
Error Message
Defect/Enhancement Number
To allow the Replication Server and Replication Agent(s) to communicate through a firewall, apart from the target database Broker port (-S), the Agent listener ports that the rpagent process starts on (listener-minport, listener-maxport ) must be open on the firewall.

1. The target database Broker port is defined by :
  • The Service (-S) target database startup parameter
  • The port value listed in the [control-agent.agent] section of the configuration file.
  • The control-agent.agent port defined in the configuration file is the same as the -S Service value used to start the target database. They are referred to differently by the various code-path network communications.
  • [control-agent.agent1]
2.    The Agent listener ports
  • The listener-minport and listener-maxport aren't known until after the RPLS is able to connect to the target database Broker listener port
  • Once the RPLS is connected to the target database login broker port, the rpagent (RPLA) takes a port in the range defined by the listener-minport and listener-maxport range defined in the [agent] section of the configuration file to communicate with the RPLS.  
  • Replication uses 1 tcp/ip connection between the replication server (RPLS) and agent (RPLA). This range be reduced down to as little as one port if it can be guaranteed to always be available, but not advised.   When DSRUTIL is used to failover or failback it will open a connection peer on the other end depending on the failover configuration set. DSRUTIL -C MONITOR does not use tcp/ip at all.
  • The replication agent listener-minport port must not start with the same number as the port defined for the replication target database in the file under the control-agent.agent1 section
  • The Service Port (-S) the target database is started with must not be be part of the listener-minport listener-maxport range. 
  • If two target databases are configured, then consider all agent port definitions
  • If replication failover or OpenEdge 11.7 replication sets are configured, there is also the 'agent' port of the source database to consider
  • The default values are:
Last Modified Date7/19/2018 7:32 AM