We've got some remote workers that need access to ArcGIS Pro through our organization. We use Named User licenses and allocate Pro access through the Portal as well, which works fine. Our LSA instance is running in a location that remote users can "talk" to. We've tested pinging the machine remotely, and it works.
For security reasons, we don't want to open the machine to just *any* traffic, so we only open the ports we need. Based on my license file configuration and all documentation I've read, I assumed that opening port 27000 and 27001 are all that is needed.
Not so!
When a remote user opens Pro, it fails to obtain a license. But if I write a security rule that allows all traffic from a user's specific IP address, it works.
So what's the difference? In the former, the LSA ports are open to anyone. In the latter, the specific user can use any port.
This, to me, suggests that either Pro or the LSA are trying to communicate over a different port. But which? I've even recorded my computer's activity using WireShark to try and see what's going on when Pro turns on and checks out a license, and I don't see anything obvious. Lots of Ports 27000 and 27001, as well as 443 for basic HTTPS traffic. Nothing else that seems to explain it.
Any insights?
Hello @jcarlson, have you tried to lock the vendor/ARCGIS daemon dynamic port to a specific port (like, for example, port 5152)? https://desktop.arcgis.com/en/license-manager/latest/configure-the-arcgis-license-manager-to-work-th...
When dealing with License Manager config issues I found this old GISSE post (and its first answer diagram/graphic) to be helpful.
I have it locked to a specific port already, but I will see where I get with that post you've linked. Thanks!