TCP/IP port reservation

If you use the PORT or PORTRANGE statement in PROFILE.TCPIP to reserve the ports used by z/OS® Explorer, note that many binds are done by threads active in an RSE thread pool. The job name of the RSE thread pool is RSEDx, where RSED is the name of the RSE started task, and x is a random single digit number, so wildcards are required in the definition.

PORT      4035     TCP RSED   ; z/OS Explorer – RSE daemon
PORT      6715     TCP JMON   ; z/OS Explorer – JES job monitor
PORTRange 8108 11  TCP RSED*  ; z/OS Explorer – _RSE_PORTRANGE

You need to know the details about the encrypted communication setup when you use the SAF keyword in the PORT or PORTRANGE statement in PROFILE.TCPIP to control bind access by user ID:

When the variable enable_attls_policy in ssl.properties is set to false (no encryption or legacy encrypted communication), it is the client's user ID instead of the RSE daemon server ID that does the bind to the ports in _RSE_PORTRANGE.
When the variable enable_attls_policy in ssl.properties is set to true (encrypted communication using Application Transparent Transport Layer Security, AT-TLS), it is the RSE daemon server ID that does the bind to the ports in _RSE_PORTRANGE.