Branch Servers Using DLS Cannot Communicate Through Firewalls

 Last reviewed: April 14, 1997
Article ID: Q164590
The information in this article applies to:
  • Microsoft SNA Server version 3.0

SYMPTOMS

Branch-based SNA Servers that use a Remote Link Service may not be able to communicate with a Central SNA Server if there are Internet firewalls or screening routers between the SNA Server systems.

CAUSE

You can configure Central SNA Servers that are distributing link services for remote SNA servers to use specific software port numbers. This allows administrators of Internet firewalls to filter packets based on port number, thereby denying/accepting their propagation to the private network.

Branch (or Remote) SNA Servers that use the Remote Link Service to communicate with the Central SNA Servers, use dynamic ports. The Distributed Link Service is installed on the branch server, as installed via SNA Server Manager (which appears with a link service name of SnaRemx within SNA Server Manager). Because these remote servers use dynamic ports, administrators could not determine what port number would be used, thereby limiting their ability to filter packets based on port numbers.

MORE INFORMATION

For additional information regarding SNA Server and Internet firewalls, please see the following article in the Microsoft Knowledge Base: 

   ARTICLE-ID: Q139508
   TITLE     : Internet Firewall Support in SNA Server

RESOLUTION

The SNA Server transport DLLs were modified to support registry entries that can be used to set fixed port numbers over the protocols supported by distributed link services. The supported protocols are TCP/IP, IPX/SPX, and Banyan Vines IP.

The updated SNA Server modules and registry entries below must be implemented on the branch (remote) SNA Server that is using the distributed link service.

The registry entry to be configured under the HKEY_LOCAL_MACHINE subtree will depend on the transport protocol being used as indicated here:

TCP/IP

   \System\CurrentControlSet\Services\SnaRemx\Parameters\
      LocalIpPort:REG_DWORD

IPX/SPX

   \System\CurrentControlSet\Services\SnaRemx\Parameters\
      LocalIpxPort:REG_DWORD

Vines IP

   \System\CurrentControlSet\Services\SnaRemx\Parameters\
      LocalVinesPort:REG_DWORD

   where "x" is the link service name. Note that there may be several
   "SnaRemx" link services installed on the branch server. The names
   default to SnaRem1, SnaRem2, and so forth.
WARNING: If you use fixed IP ports, you may be unable to open a connection for several minutes after it is disconnected.

The following files were modified to provide this support: 

   <snaroot>\system\snaip.dll
   <snaroot>\system\snanw.dll
   <snaroot>\system\snabv.dll

STATUS

Microsoft has confirmed this to be a problem in SNA Server version 3.0. This problem was corrected in the latest Microsoft SNA Server 3.0 U.S. Service Pack. For information on obtaining the service pack, query on the following word in the Microsoft Knowledge Base (without the spaces): 

   S E R V P A C K

Keywords : kbbug3.00 kbfix3.00.sp1 prodsna snadls
Version : 3.0
Platform : winnt
Issue type : kbbug
Resolution Type : kbfix

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Last reviewed: April 14, 1997
© 1998 Microsoft Corporation. All rights reserved. Terms of Use.