KB Article #163207

XSR's FTP data ports not closed with Interchange

Problem

When Interchange acts as an FTP client in active mode through a DMZ zone (XSR), it sends a PORT command to the server to indicate where to establish the data session.

However, XSR never frees or removes the ports that were opened for this purpose, even when they are not used.



Resolution

Once the ports have been opened, they are left open on the XSR box until the RA is restarted, but they are inactive if not used. This is by design, for performance reasons. The ports will be reused on the XSR box as needed and specified by the Interchange TE nodes.

You can limit the ports used for FTP data sessions with the following tuning parameters (available from 5.10.0_SP9_P8 onwards):

ftpactiveminport.ACTUAL_HOSTNAME
ftpactivemaxport.ACTUAL_HOSTNAME

where ACTUAL_HOSTNAME should be replaced with the hostname of the machine.

You can give the port range with actual port numbers.

Example:
ftpactiveminport.ITEM-12345=7000
ftpactivemaxport.ITEM-12345=7020

That means that it will only open ports between 7000 and 7020 on both the Interchange machine and the XSR box.

Note: Be careful to specify a different range for each machine when running in a cluster, because the two Interchange machines do not check with each other which ports they have opened.
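
Because the cluster nodes do not coordinate their ranges, the settings can be checked before deployment. The following is an added example, not part of the original article or the product: a Python check that reads the two tuning parameters as key=value lines and reports incomplete, invalid or overlapping ranges. The function names and the hostnames ITEM-12346 and ITEM-12347 are constructed for illustration.

```python
import re
from itertools import combinations
# The two key names come from this article; the hostname is the suffix after the dot.
KEY = re.compile(r"^(ftpactiveminport|ftpactivemaxport)\.([^=\s]+)\s*=\s*(\d+)\s*$")

def parse_ranges(text):
    """Return ({hostname: (min_port, max_port)}, [problems]) from key=value lines."""
    found = {}
    for line in text.splitlines():
        m = KEY.match(line.strip())
        if m:
            found.setdefault(m.group(2), {})[m.group(1)] = int(m.group(3))
    ranges, problems = {}, []
    for host, vals in found.items():
        lo, hi = vals.get("ftpactiveminport"), vals.get("ftpactivemaxport")
        if lo is None or hi is None:
            problems.append(f"{host}: min and max must both be set")
        elif not (1 <= lo <= hi <= 65535):
            problems.append(f"{host}: invalid range {lo}-{hi}")
        else:
            ranges[host] = (lo, hi)
    return ranges, problems

def find_overlaps(ranges):
    """Return (host_a, host_b, first_port, last_port) for every pair sharing ports."""
    out = []
    for (a, (alo, ahi)), (b, (blo, bhi)) in combinations(sorted(ranges.items()), 2):
        lo, hi = max(alo, blo), min(ahi, bhi)
        if lo <= hi:  # the two inclusive ranges intersect
            out.append((a, b, lo, hi))
    return out

def check(text):
    """Collect every problem found in one settings text."""
    ranges, problems = parse_ranges(text)
    for a, b, lo, hi in find_overlaps(ranges):
        problems.append(f"{a} and {b} overlap on ports {lo}-{hi}")
    return problems

# Constructed sample: the article's example host plus two hypothetical cluster nodes.
SAMPLE = """\
ftpactiveminport.ITEM-12345=7000
ftpactivemaxport.ITEM-12345=7020
ftpactiveminport.ITEM-12346=7015
ftpactivemaxport.ITEM-12346=7040
ftpactiveminport.ITEM-12347=7041
"""

print("\n".join(check(SAMPLE)))
```

Any reported overlap means two cluster nodes could ask the XSR box for the same data port; the validated ranges are also the exact set of ports a firewall rule for active-mode FTP data needs to allow.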