cancel
Showing results for 
Search instead for 
Did you mean: 

Another firewall question. Basic setup one sever, 10 clients

ericmartin
Level 3

I have looked at the firewall rules in
https://www.veritas.com/support/en_US/article.100017208

My setup is just a single backup exec server with locally attached disks for backup to disk (no cloud, not tape no remote storage). No other servers are used (apart from the agents). No alerts, no deduplication (I think).
Clients are windows servers.

Here we go...
The backup server needs to initiate communicate to the agents on port 10000 to the clients
The backup server then needs to inititiate communicate with agents on a dynamic address range (1024 to 65535 --can be customised)
The server also initiates with the agents on port 6101 for "browsing"(??). Do I need this?

Do I need to open up 3527/6106 (beserver), if so is it..
The agents need to initiate communication with the backup server on ports 3527 and 6106
OR
The backup server needs to initiate communication with the agents on ports 3527 and 6106 

Same question with Backup Exec Job Engine(beengine) on port 5633

I am going to say that "backup exec managment" (port 5014) does not need to be open in a simple setup.

With the above in place ..... I do not need to touch any other FWs.

 

 

 

1 REPLY 1

ericmartin
Level 3

Finally heard back from veritas. We went through the document here

V-370-59792-00041 - How to configure Backup Exec with Firewalls (veritas.com)

for my simple setup.

Backup Exec Agent Browser

benetns.exe

6101

TCP

Agents (the clients) browse the network for licence and media services..Therefore each server witha backup exec service needs to have port 6101 open for incoming traffic.

Backup Exec Server

beserver.exe

3527, 6106

TCP

The backup exec serves must be able to communicate with themsleves and other servers on these ports, you must therfore open up theses ports to all a backup exec servers

Agent for Windows

Agent for Linux

Agent for Oracle on Windows or Linux

beremote

10000

Dynamic range between 1024 to 65535 by default

Can be customized

TCP

These are the ports the servers listen on

Windows agents must have port 10000 open.

Linux agents need ports 1024 and 65535

Agent for oracle is fully customisationable.