Store-and-forward through a firewall

By default, the store-and-forward facility (the shipping server) cannot operate through a firewall. Passing through a firewall is usually accomplished by granting access to specific ports for certain IP addresses. Because the shipping server picks any available port number on the sending and receiving replica hosts to make the connection, there is no single port number (or even small range of port numbers) to which special access can be granted.

If your site uses a firewall, you can set up an "exposed host," a host that you configure to communicate through the firewall and on which you install the shipping server software. You configure the shipping servers on the synchronization servers at your site to send packets to the exposed host, and the shipping server on the exposed host forwards the packets to hosts on the other side of the firewall. To maximize security on the exposed host, you must specify the range of port numbers that the shipping server can use.

Note: To enhance site security, install the shipping server on an exposed host only if other transport methods are unsuitable for your site.
The following figure is an example of an exposed host configuration. The exposed hosts communicate through the firewall. The store-and-forward software is installed on them, but Rational® ClearQuest® software is not installed on them.
Figure 1. Store-and-forward configuration