10-27-2020 06:17 AM
I have looked at the firewall rules in
https://www.veritas.com/support/en_US/article.100017208
My setup is just a single backup exec server with locally attached disks for backup to disk (no cloud, not tape no remote storage). No other servers are used (apart from the agents). No alerts, no deduplication (I think).
Clients are windows servers.
Here we go...
The backup server needs to initiate communicate to the agents on port 10000 to the clients
The backup server then needs to inititiate communicate with agents on a dynamic address range (1024 to 65535 --can be customised)
The server also initiates with the agents on port 6101 for "browsing"(??). Do I need this?
Do I need to open up 3527/6106 (beserver), if so is it..
The agents need to initiate communication with the backup server on ports 3527 and 6106
OR
The backup server needs to initiate communication with the agents on ports 3527 and 6106
Same question with Backup Exec Job Engine(beengine) on port 5633
I am going to say that "backup exec managment" (port 5014) does not need to be open in a simple setup.
With the above in place ..... I do not need to touch any other FWs.
12-14-2020 04:25 AM
Finally heard back from veritas. We went through the document here
V-370-59792-00041 - How to configure Backup Exec with Firewalls (veritas.com)
for my simple setup.
Backup Exec Agent Browser | benetns.exe | 6101 | TCP |
Agents (the clients) browse the network for licence and media services..Therefore each server witha backup exec service needs to have port 6101 open for incoming traffic.
Backup Exec Server | beserver.exe | 3527, 6106 | TCP |
The backup exec serves must be able to communicate with themsleves and other servers on these ports, you must therfore open up theses ports to all a backup exec servers
Agent for Windows Agent for Linux Agent for Oracle on Windows or Linux | beremote | 10000 Dynamic range between 1024 to 65535 by default Can be customized | TCP |
These are the ports the servers listen on
Windows agents must have port 10000 open.
Linux agents need ports 1024 and 65535
Agent for oracle is fully customisationable.