DMZ server backup
Hello, I need to backup a good no of clients in the DMZ servers.The media server has been setup in same DMZ LAN, however the Storage is in internal network.So as to get a good throughput is there a way to Minimize / Avoid the traffic through FW during backup.
Thanks
In case you get challenged by your security team, you can point them to the fact that there are no public notifications of any known vulnerabilities in the latest versions of NetBackup Client:
https://www.us-cert.gov/ncas/current-activity
...and search for NetBackup.
.
As an additional measure IF you use specific physical NICs to create what is in effect a "DMZ backup subnet", then... whilst not a firewall, you should be able to get your network admins to place an ACL on the network ports, and/or possibly restrict specific LAN switch network physical ports to specific tcp port numbers e.g. tcp/1556 in each direction to tcp/any - ok, it's not a firewall, but it should still block all other traffic, except for NetBackup - without imparing performance. Ok, so you won't have stateful inspection of packets, but you should be able to restrict the the source to a specific TCP port (tcp/1556), and or whitelist the source and/or target IP or MAC addresses.