What are the minimal ports that need to be open to use groupwise online
remotely (by use of vpn) ?
We use the novell client 4.91sp4 and groupwise 7.0.3hp on windows xp sp2.

- dns resolving for both udp and tcp are authorized and an user
authenticates to the FQDN like mail.domain.com
- port 1677 is open, but then it takes 10 minutes, before you can do
- after monitoring with an account with full rights to every protocol and
port, we see NCP being used, so after having this authorized, it is already
much better.
Still have to wait 1 minute.

Could it have something to do with the primary or dns suffix entries?
We do not use primary or dns suffix entries, so these are empty. The
connection suffix is being set by the dhcpserver. So this name differs for
each person at home.
What we see in the capture is that the groupwise server name is being
accessed by its hostname, like <servername>.<connection suffix>
An enduser can not resolve these server names remotely, unless the FQDN is
being used.
We do not wish to change primary of dns suffix entries, and prefer changes
on the serverside instead of clientside, but is this possible in this
Anyone has experience with this ?

Also some icmp request are being made. Is it required to allow icmp to the
groupwise server?


by the way : if we remove the novell client, then only port 53, 1677 are ok
and performance is ok (within 10 seconds groupwise client opens)