Forum Discussion

ericmartin's avatar
ericmartin
Level 3
5 years ago

Another firewall question. Basic setup one sever, 10 clients

I have looked at the firewall rules in
https://www.veritas.com/support/en_US/article.100017208

My setup is just a single backup exec server with locally attached disks for backup to disk (no cloud, not tape no remote storage). No other servers are used (apart from the agents). No alerts, no deduplication (I think).
Clients are windows servers.

Here we go...
The backup server needs to initiate communicate to the agents on port 10000 to the clients
The backup server then needs to inititiate communicate with agents on a dynamic address range (1024 to 65535 --can be customised)
The server also initiates with the agents on port 6101 for "browsing"(??). Do I need this?

Do I need to open up 3527/6106 (beserver), if so is it..
The agents need to initiate communication with the backup server on ports 3527 and 6106
OR
The backup server needs to initiate communication with the agents on ports 3527 and 6106 

Same question with Backup Exec Job Engine(beengine) on port 5633

I am going to say that "backup exec managment" (port 5014) does not need to be open in a simple setup.

With the above in place ..... I do not need to touch any other FWs.

 

 

 

  • Finally heard back from veritas. We went through the document here

    V-370-59792-00041 - How to configure Backup Exec with Firewalls (veritas.com)

    for my simple setup.

    Backup Exec Agent Browser

    benetns.exe

    6101

    TCP

    Agents (the clients) browse the network for licence and media services..Therefore each server witha backup exec service needs to have port 6101 open for incoming traffic.

    Backup Exec Server

    beserver.exe

    3527, 6106

    TCP

    The backup exec serves must be able to communicate with themsleves and other servers on these ports, you must therfore open up theses ports to all a backup exec servers

    Agent for Windows

    Agent for Linux

    Agent for Oracle on Windows or Linux

    beremote

    10000

    Dynamic range between 1024 to 65535 by default

    Can be customized

    TCP

    These are the ports the servers listen on

    Windows agents must have port 10000 open.

    Linux agents need ports 1024 and 65535

    Agent for oracle is fully customisationable.