Q100216: How to Use A License Server Through a Firewall

Follow

SUMMARY

If you have a firewall running on your license server machine then it may block license requests from other machines on the same network.

It is possible to make the license server work through the firewall by adding exceptions to the firewall settings, either for the license server executable or by opening the ports the license server uses.

 

MORE INFORMATION

If you have installed your floating licenses, installed and started the server tools, pointed the other machines on your network to your server correctly, but you still cannot get a license then a firewall on the server could be blocking the license requests.

A typical licensing error message caused by a firewall is:

==> nuke_i : Communications error with license server (-17)
==> Connection refused at server (-111)

In order to fix this, you need will need to change your firewall settings to allow the license server software to communicate through the firewall. The exact steps that you need to take will depend upon the OS of your license server.

NOTE: The paths below are for the server tools installed by Foundry Licensing Utility 8.  If you have an older version installed then you need to replace "LicensingTools8.0" with the version you are using, e.g. "LicensingTools7.3"

 

LINUX

Please consult your system administrator for the exact steps but the following information will be useful.

Program Exceptions
If you're opening the firewall to a specific program, the RLM Server program you need to specify is "rlm.foundry" from the following directory:

/usr/local/foundry/LicensingTools8.0/bin/RLM/

 

Port Exceptions
If you are opening ports on your firewall you will need to open two for the RLM server - one for the main port that is specific on the HOST line of the license (default value of 4101) and one for the ISV vendor daemon part of the server.

The port the ISV runs on changes randomly whenever the server restarts unless it is set in the license file.  If you are opening ports on the firewall then you need to set a dedicated port for the ISV, instructions on how to do this are available in: Q100374: How to make the RLM server use a dedicated ISV port 

 

NOTE: You'll need to fully restart the license server(s) after adding these ports for the changes to take effect.  You can do this by running the following terminal commands as root or with sudo.

/etc/init.d/foundryrlmserver stop

/etc/init.d/foundryrlmserver start

After you've set the ports for the server you can then open them on your firewall settings.

 

macOS

The exact steps will depend upon the version of OSX that you're running, but they should be like the following.

  1. Open your System Preferences and click on Security & Privacy
  2. Go to the Firewall tab and click the Firewall Options button.  You may need to click the lock icon at the bottom-left to enable changes
  3. Under the list of incoming connections, click on the + (plus) button to add a program
  4. Navigate to "/Applications/TheFoundry/LicensingTools8.0/bin/RLM" then select "rlm.foundry" and click Add
  5. You can then lock these changes by clicking on the Lock icon on the bottom left of the System Preferences window.

 

WINDOWS

There are two firewall exception methods on Windows, Program Exceptions and Port Exceptions.  The Program Exceptions is the easiest method to turn on.

Program Exceptions:

Either:

  1. From the Windows Start menu, click Control Panel > System and Security > Windows Firewall and then click on the Advanced Settings link on the left hand side.
  2. Select Inbound Rules in the left-hand panel and click New Rule
  3. Select Program and then click Next.
  4. Select This program path and then browse to the location of the RLM server:
    C:\Program Files\The Foundry\LicensingTools8.0\bin\RLM Add rlm.foundry.exe.

    or
  1. From the Windows Start menu, click Windows Security > Firewall and network connection
  2. Select Allow an app through the firewall
  3. Click on the Change Settings > Allow another app link on the right hand side.
  4. Browse to the location of the RLM server:
    C:\Program Files\The Foundry\LicensingTools8.0\bin\RLM Add rlm.foundry.exe.



  5. Click Allow the connection and then click Next.
  6. Select all the checkboxes that apply to the rule. Domain, Private, and Public in the example below.
  7. Click Next and enter a meaningful name for the rule, such as RLM_SERVER and then click Finish to complete the process.
  8. Launch the Foundry Licensing Utility (FLU), click on License Server then Control Server, then Stop and Start the License Server.

Port Exceptions:

If you are opening ports on your firewall you will need to open two for the RLM server - one for the main port that is specific on the HOST line of the license (default value of 4101) and one for the ISV vendor daemon part of the server.

The port the ISV runs on changes randomly whenever the server restarts unless it is set in the license file.  If you are opening ports on the firewall then you need to set a dedicated port for the ISV, instructions on how to do this are available in: Q100374: How to make the RLM server use a dedicated ISV port 

NOTE: You'll need to fully restart the license server(s) after adding these ports for the changes to take effect.  The easiest way to do this is to uninstall and reinstall the server tools from the Foundry Licensing Utility (FLU).  In the FLU, click on License Server > Uninstall and follow the steps.  Then click on License Server Install and follow the steps.

Once you've added the ports to the license file(s) you can then add port exceptions to your firewall settings. 
  1. From the Windows Start menu, click Control Panel > System and Security > Windows Firewall and then click on the Advanced Settings link on the left hand side
  2. Select Inbound Rules in the left-hand panel and click New Rule
  3. Select the Port radio button and then click Next.
  4. Select TCP and Specific local ports, enter the port number from the HOST/SERVER line of the license, in the field provided (e.g. 4101 in the example) and click Next
  5. Select Allow the connection and click Next
  6. Select when the new rule should be applied using the checkboxes (we recommend applying the rule at all times but you can modify this as required) and click Next.
  7. Enter a meaningful name for the new rule, for example RLM_HOST, and write a description, if required and then click on Finish
  8. Select the new rule from the Inbound Rules list and click Properties
  9. Click the Programs and Services tab, select This program, and browse to "C:\Program Files\The Foundry\LicensingTools8.0\bin\RLM\rlm.foundry.exe" and click Open to the Properties dialog.
  10. Click Apply, and close the dialog.
  11. Repeat the process for the ISV line port, replacing the port number and rule name.
  12. Click the Programs and Services tab, select All programs that meet the specified conditions and click OK to close the dialog.

 

FURTHER READING

Fore more information, please see the "Troubleshooting Licenses - Firewalls" section of the Foundry Licensing Online Help

    We're sorry to hear that

    Please tell us why