How To: Access an ArcSDE service through a firewall.


To provide access to an ArcSDE service inside a system security firewall, the host computer on which the ArcSDE service is installed should be listed in your domain name server (DNS) database. The domain name server must be registered with your Internet Service Provider (ISP) or directly with InterNIC (now called Network Solutions), the organization that registers Internet domain names.


Your DNS resolves the IP address of your computer to the name, or Unique Resource Locator (URL), you wish to make accessible to the Internet. In most cases, you will have more machines within your local network than you will have Internet IP addresses for. In this case, you would maintain your own set of internal IP addresses known only to your Local Area Network (LAN). Your firewall, or proxy server software, will translate your internal IP addresses to Internet IP addresses when you access computers outside you LAN.

Since ArcSDE services listen for connections on a TCP/IP port number that corresponds to your ArcSDE service name, you must also add the TCP/IP port number to the server name when connecting to it. You can specify an ArcSDE server name in two ways. You can either use the DNS name if it is available, or you can connect to it directly using its Internet IP address.

For example, our domain name esri.com has been registered with InterNIC, and we identified our DNS as IP address Our DNS has the IP address for the ArcSDE server Toshi in its DNS database. The internal IP address for Toshi is, which is translated to another IP address (say, for example, when Toshi sends and receives information through the firewall. The ArcSDE service running on Toshi is listening for connections on the service name esri_sde3, which corresponds to TCP/IP port number 5165. So if you wish to connect to that particular ArcSDE service, you must specify either the server name “toshi.esri.com:5165” or identify Toshi by its IP address “”. In both cases you must also include the service port number, 5165.

If you cannot connect to an ArcSDE service through a firewall, test the accessibility of the remote ArcSDE server with your Internet browser by specifying either the server name and TCP/IP port number or the IP address and TCP/IP port number as the URL.

The correct syntax is:
<server name>:<port number>
<IP address>:<port number>
This information is found on page 12 of the "ArcSDE Administration Guide", a copy of which is included with ArcSDE 8.0.