Configuring Server-based FLEXnet/FLEXlm Licensing Through A Firewall


How do I enable floating or server-based node-locked licensing through a firewall?

Server-based Exelis Visual Information Solutions licenses (such as network floating licenses or server based node-locked licenses) require running the FLEXnet license manager program (lmgrd) on a designated license server machine, in order to administer the those licenses.

Running "lmgrd" (the "master daemon" program) also invokes the Exelis products vendor daemon program, "idl_lmgrd". Each of these two programs establish TCP/IP communication channels in order to communicate between each other and with Exelis programs that request access to the available license seats managed by the license manager service.

By default, a server-based Exelis product license file specifies a TCP port number of "1700" at the end of the "SERVER" line in the file. For example:

    SERVER myserver.mycompany.com 12345678 1700
    DAEMON idl_lmgrd

This port number can be changed in the license file if the port is already being used by another program on the same system.

Note that it is the "lmgrd" program that communicates using the port number listed on the SERVER line in the license file. Also note that by default, there is no TCP port number specified for the vendor daemon (idl_lmgrd) program. In this case, the vendor daemon port number is selected dynamically from a predetermined range of available port numbers.

A port number may be specified for the "idl_lmgrd" program on the "DAEMON idl_lmgrd" line of the license file. This forces "idl_lmgrd" to communicate using that specific port number rather than dynamically selecting a port number when the license manager is started.Discussion:
If a firewall is present, the system administrator may need to specify which TCP/IP ports are accessible from outside the firewall. If this is the case, it will be necessary to expicitly define both 1.) the TCP port that the "lmgrd" process will use, as well as 2.) the separate port number the "idl_lmgrd" will use. The vendor daemon port can be explicitly specified on the DAEMON line. For example:

    SERVER myserver.mycompany.com 12345678 1700
    DAEMON idl_lmgrd PORT=1701

For server-based licenses using a vendor daemon path specification, the daemon port number should appear after the path token on the DAEMON line:

    SERVER myserver.mycompany.com 12345678 1700
    DAEMON idl_lmgrd /usr/local/rsi/idl/bin PORT=1701

The "PORT=" entry on the DAEMON line allows explicit selection of both externally available ports. "1700" is the TCP port reserved for use by the lmgrd process while "1701" is the port used by the vendor daemon process idl_lmgrd. Both port numbers must be unused by other processes.

Accessing the licenses should not be any different than it would be in the absence of a firewall, except that the designated license server machine's license file and
LM_LICENSE_FILE system variables may need to use the server's fully qualified domain name or IP address. IDL license clients must be able to connect to both ports, regardless of whether the clients are inside or outside the firewall.

Please consult your system administrator for details about configuring/opening TCP ports in a firewall.Solution:


2 comments on article "Configuring Server-based FLEXnet/FLEXlm Licensing Through A Firewall"

Avatar image

Jian Yang

The last sentence is really important. All the procedures outlined in this article won't solve the problem unless the TCP ports (1700 and 1701) used for ENVI are specified to be accessible through a firewall.

Avatar image

Moritz Zimmermann

In case specifying the TCP Ports still does not enable you to check out a FL license, you may want to replace the servername in the license file with the server's IP address. Please contact support for that.

Please login or register to post comments.