Store-and-forward through a firewall (Linux and the UNIX system only)

By default, the store-and-forward facility (the shipping server) cannot operate through a firewall. Passing through a firewall is usually accomplished by granting access to specific ports for certain IP addresses. Because the shipping server picks any available port number on the sending and receiving replica hosts to make the connection, there is no single port number (or even small range of port numbers) to which special access can be granted.

If your site uses a firewall, you can set up an "exposed host," a host that you configure to communicate through the firewall and on which you install the shipping server software. You configure the shipping servers on the replica hosts synchronization servers at your site to send packets to the exposed host, and the shipping server on the exposed host forwards the packets to hosts on the other side of the firewall. To maximize security on the exposed host, you must specify the range of port numbers that the shipping server can use.

Note: To enhance site security, install the shipping server on an exposed host only if other transport methods are unsuitable for your site. This method is not available for Windows™. For information about other methods, see File-based methods.
Store-and-forward configuration is an example of an exposed host configuration. The exposed hosts communicate through the firewall. The store-and-forward software is installed on them, but HCL VersionVaultHCL Compass software is not installed on them. HCL VersionVault and HCL VersionVault MultiSite are installed on the replica server hosts (labeled RA and RB).
Figure 1: Store-and-forward configuration