Geoff - It would be helpful if you would reply with the results of specific suggestions. Last week I suggested a co-resident client-server test using local address 127.0.0.1, which would thus eliminate external networking/routing and exercise only the TCP/IP stack. If that doesn't work and the port still shows its Listen state, it tends to suggest a problem in the TCP/IP stack. However, we've not heard of anyone else having such a problem, so that seems doubtful.
I've seen an AIX system experience networking hangs (at the AIX 4.x level) before: I recall that I did an ifconfig down and then up on the interface, which cleared that instance. Since the problem came with site changes in router/switch configuration (you cited firewall changes), that could well be the issue. It may be that the device may be misconfigured in QoS terms where after a certain amount of traffic the device denies further transmissions. Another obvious thing you can do to try to isolate the problem is change the TCPPort number of the TSM server and a test client from 1500 to something else, to see if it's a port number issue. Richard Sims
