The replication server component in each PingDirectory server listens on a TCP/IP port for replication communication.
This replication server port, typically 8989, must be accessible from all PingDirectory servers participating in replication. The server-to-server communication channel is kept alive using a heartbeat, which occurs every 10 seconds. This traffic prevents firewalls from closing connections prematurely.
The replication command-line utility (dsreplication) requires access to all PingDirectory servers participating in replication. This includes the LDAP or LDAPS port of the servers.
When configuring firewalls, keep these communication requirements in mind.
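A pre-flight check for the flows described above, as an added example (not part of the PingDirectory product or its documentation): run it on each server with role "server" to probe every peer's replication port, and on the host where dsreplication is run with role "admin" to probe every server's LDAP or LDAPS port. The host names, the LDAPS port 636 and the function names are assumptions for illustration.

```python
import socket
import sys

# Constructed topology: (host, LDAP/LDAPS port, replication port). Replace with
# your own servers; 8989 is the typical replication port named in the text.
TOPOLOGY = [
    ("ds1.example.com", 636, 8989),
    ("ds2.example.com", 636, 8989),
    ("ds3.example.com", 636, 8989),
]

def port_open(host, port, timeout=3.0):
    """TCP connect only: proves the path is open, not that TLS or a bind works."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name did not resolve
        return False

def check_flows(role, topology, local_host=None, probe=port_open):
    """role "server": probe every other server's replication port.
    role "admin" (host running dsreplication): probe every server's LDAP/LDAPS port."""
    if role not in ("server", "admin"):
        raise ValueError("role must be 'server' or 'admin'")
    results = []
    for host, ldap_port, repl_port in topology:
        if role == "server":
            if host == local_host:
                continue  # no need to probe ourselves
            port, purpose = repl_port, "replication"
        else:
            port, purpose = ldap_port, "dsreplication (LDAP/LDAPS)"
        results.append((host, port, purpose, probe(host, port)))
    return results

def blocked(results):
    """Flows a firewall (or a stopped server) is currently preventing."""
    return [r for r in results if not r[3]]

if __name__ == "__main__":
    role = sys.argv[1] if len(sys.argv) > 1 else "admin"
    local = sys.argv[2] if len(sys.argv) > 2 else None
    results = check_flows(role, TOPOLOGY, local_host=local)
    for host, port, purpose, ok in results:
        print(f"{'OK     ' if ok else 'BLOCKED'} {host}:{port} ({purpose})")
    sys.exit(1 if blocked(results) else 0)
```

A non-zero exit status means at least one required flow is blocked, so the script can gate a firewall change before replication is enabled.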