ADC instances in a different subnet/network cannot contact the license server

In this kind of setup the license server uses a second, randomly chosen TCP port in addition to the fixed license manager port, so a "tcp any any" ACL is often configured on the firewall to make it work. That rule exposes every TCP port on the license server to the ADC instances' network, which leaves the network vulnerable.

To avoid that kind of ACL rule, find out which random port the licensing server is currently using and open only that port (together with the fixed one). Run the following commands on the license server:


`sockstat | grep lmgrd` and `sockstat | grep CITRIX`. In the output, look for listening sockets, i.e. entries whose local address is `*:<portnumber>` and whose foreign address is `*:*`; those are the ports that need to be opened. Entries with a specific foreign address (for example `127.0.0.1:27000 127.0.0.1:21135`) are established connections, not listeners, and need no firewall rule.

E.g.

```
bash-3.2# sockstat | grep lmgrd
root lmgrd 26841 0 tcp4 *:27000 *:*
root lmgrd 26841 3 tcp4 127.0.0.1:27000 127.0.0.1:21135
bash-3.2# sockstat | grep CITRIX
root CITRIX 26849 0 tcp4 *:27000 *:*
root CITRIX 26849 3 tcp4 *:61433 *:*
```

In this case we need to open TCP 27000 (the lmgrd license manager port, which shows up under both daemons but only needs to be opened once) and TCP 61433 (the port the CITRIX vendor daemon is currently listening on). Scope the rule to those two destination ports and to the source addresses of the ADC instances rather than "any any".

Note:

The vendor daemon port only stays the same until the licensing server is restarted. After any restart, rerun the sockstat checks and update the firewall rule, because a different random port may have been chosen and the old rule will silently stop matching.
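As an added example (not part of the original article and not a Citrix tool), the shell script below automates the check described above: it parses `sockstat`-style output and prints only the ports on which `lmgrd` or the `CITRIX` vendor daemon is listening, which is exactly the destination-port list the firewall rule needs. The embedded sample output is constructed from the lines shown above (with an extra `sshd` line added to show that unrelated listeners are ignored); the script name `find_license_ports.sh` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: derive the firewall ports needed for Citrix license traffic
# from `sockstat` output. Not part of the original article.

# Constructed sample of `sockstat` output, modelled on the capture above.
# The sshd line is added to show that unrelated listeners are ignored.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS   FOREIGN ADDRESS
root     lmgrd      26841 0  tcp4   *:27000         *:*
root     lmgrd      26841 3  tcp4   127.0.0.1:27000 127.0.0.1:21135
root     CITRIX     26849 0  tcp4   *:27000         *:*
root     CITRIX     26849 3  tcp4   *:61433         *:*
root     sshd       1234  4  tcp4   *:22            *:*'

# license_ports: read sockstat-style lines on stdin and print, one per line,
# the distinct TCP ports on which lmgrd or the CITRIX vendor daemon is
# listening (local address "*:<port>", foreign address "*:*").
# Established connections (e.g. 127.0.0.1:27000 <-> 127.0.0.1:21135) are
# deliberately skipped: they are not ports the firewall has to admit.
license_ports() {
  awk '($2 == "lmgrd" || $2 == "CITRIX") && $5 ~ /^tcp/ &&
       $6 ~ /^\*:[0-9]+$/ && $7 == "*:*" {
         split($6, a, ":"); seen[a[2]] = 1
       }
       END { for (p in seen) print p }' | sort -n
}

# license_ports_csv: the same ports as one comma-separated list, the form
# most firewall ACL editors accept for a destination-port set.
license_ports_csv() {
  license_ports | tr '\n' ',' | sed 's/,$//'
}

# Usage (hypothetical file name):
#   sh find_license_ports.sh --sample            # parse the embedded sample
#   sockstat | sh find_license_ports.sh --stdin  # on the license server itself
case "${1:-}" in
  --sample) printf '%s\n' "$SAMPLE_SOCKSTAT" | license_ports_csv; echo ;;
  --stdin)  license_ports_csv; echo ;;
  *)        ;;  # no argument: only define the functions (safe to source)
esac
```

Because the vendor daemon port changes whenever the licensing server is restarted, the practical use is to rerun this after every restart and compare the result with the ports currently in the firewall rule.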
