cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Pilgrim

Checking out licenses from vendor deamon tcp port

I'm running lmgrd and a vendor daemon and can check out licenses from a tcp port specified on SERVER line (e.g. 27000).
But I can also check out licenses from vendor tcp port which is chosen by OS by default on starting the license daemon.
Here a question. Is this an expected behavior?
If it is an expected one then can we avoid this feature rather than closing the port by firewall?
The version is Windows v11.13.
0 Kudos
5 Replies
Highlighted
Flexera
Flexera

lmgrd is nothing but a communication traffic manager

Hi,

lmgrd - the license manager as the name indicates has a major purpose to manage the license communication (along with other as well). When a client sends the communication handshake to lmgrd, in response lmgrd asks the client to try on another port to fetch the license (i.e. the VD port). Now in your case, you are directly accessing the VD port, hence the lmgrd channel is given a pass and checkout succeeds.

This is an expected observation. Could you elaborate on what you meant by "If it is an expected one then can we avoid this feature rather than closing the port by firewall?"

Regards,
Abhay
0 Kudos
Highlighted
Pilgrim

Firewall should allow both the SERVER and VD port

Hi Abhay,

Thanks for the replay. I understand that it is an expected behavior.

> Could you elaborate on what you meant by "If it is an expected one then can we avoid this feature rather than closing the port by firewall?"

I have been assuming that user should checkout from tcp port on specified in SERVER line and the VD port is just for inter daemon communication.
So I wanted to avoid user from checking out via the VD port for security point of view.
But now it sounds making no sense to close the VD port because user client eventually checkouts from the VD port.
Then I have to keep opening the two SERVER and VD port, correct?
0 Kudos
Highlighted
Flexera
Flexera

Re: Checking out licenses from vendor deamon tcp port

That's absolutely correct.

For security reasons (from direct attack on VD), lmgrd kind of acts like the cover unit, hence it is in best practice to keep both the ports open. And also share only the lmgrd port to the end users to connect and fetch the licenses.

Regards,
Abhay
0 Kudos
Highlighted
Pilgrim

Re: Checking out licenses from vendor deamon tcp port

Thanks a lot for the quick response. I understood:)
0 Kudos
Highlighted
Flexera
Flexera

Re: Checking out licenses from vendor deamon tcp port

Great news...... Happy to help.

Regards,
AP
0 Kudos