-----BEGIN PGP SIGNED MESSAGE-----
Peter Yau wrote:
> Since the replication session is udp based (port 1352 at the target end),
> what are the range of udp ports (presumably the upper range) that the source
> end (initiating) will end up opening for the replication session. I'm
> assuming that we don't have a peer-to-peer relationship where the udp port
> 1352 is opened at each end. If anyone can clarified this session, I'd
> appreciate it.
I don't know where you got this information, but it is not right. Notes
TCP based with the daemon port of 1352 (server side). Client side is,
usual, dynamically allocated.
You only need to allow TCP/1352 in through the firewall. I do not think
is a supper big risk, but the sites I setup have a "firewall" notes
outside their Internet firewall. This machine is in a different Notes
and has it's own Name and Address book. This way, external users do not
the slightest access to the corporate servers. I only allow the
servers to establish a connection OUT to the firewall Notes server for
replication and mail transfer.
> The other thing is security risk in conjunction with a client behind the
> Firewall doing a dialup session (XPC, PPP, or SLIP) to the external Notes
> Servers. This appears safe. Any comments, anyone.
Using Notes XPC is rather safe (assuming you trust Notes). My
on Solaris. Notes does not use the port monitor (zsmon) so you do not
need to enable it. This means that if Notes dies (yes, it happens now
and then) the system does not begin listening to the modem port. It
If you use PPP or SLIP, of course, users have general TCP/IP access to
Marc Mosko Email: marc @
"If anyone knocks out another's eye, he shall pay him
sixty-six shillings, six pence, and a third of a penny."
-- Leges Henrici Primi (13th century)
PGP Key availabe via Public Servers and
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----