This forum has been archived. Please start a new discussion on GitHub.

Glacier2 Application - SSL Configuration


I have a question concerning the SSL-Configuration of a Glacier2 ICE Application.

Let's assume I have a glacier2.conf with

Glacier2.Client.Endpoints=ssl -p 4064 -h my.wan.domain
Glacier2.Server.Endpoints=tcp -h my.local.ip.address

And a client-configuration:

Ice.Default.Router=DemoGlacier2/router:ssl -p 4064 -h my.wan.domain
Registration.Proxy=callback:tcp -h my.local.ip.address -p 20020

Do I understand this correctly, that for wan-communication tcp port 4064 is used and between glacier2router and server-service tcp 20020 is used?

When I use twoway-communication, how do I have to configure firewall at my client?

Thanks for you support.

Best Regards




  • benoit
    benoit Rennes, France


    You understand it correctly. The client establishes a connection to Glacier2 on port 4064 and Glacier2 will establish a connection to the server (on behalf of the client) on port 20020.

    When using Glacier2, the client establishes a single connection to the Glacier2 router instance and this connection is a bi-directional connection. The client can send requests to the server using this connection but also receive requests from the server on this same connection. So there's no need to configure the firewall on the client to allow incoming connection establishment.

    For more information on this, I recommend you to take a look at the following articles:


  • H Benoit, thank you very much for the explanation.
    So, if I would have to configure outgoing firewall traffic, I would must allow only outgoing traffic for port 4064 in that case, right?

    Best Regards Klaus

  • benoit
    benoit Rennes, France

    Yes, if you want to restrict outgoing traffic on the client machine, you will indeed need to allow outgoing traffic to port 4064 to allow the client to connect to the Glacier2 router instance.


  • All Right, thanks!