I'm one who made it through the guantlet of figuring out how to get BE to backup servers in a DMZ through a firewall. During that stressful experience, I was told that 10.0 would make the job easier and no customizations to BE or holes in firewalls would be required. Is that actually now true?
We suggest referring "Using Backup Exec with Firewalls" on page no#320 of Admin guide. This will help you understand how to configure Backup Exec to backup the server across the firewall. The Administrator's guide can be downloaded from the following link:
The Admin Guide and knowledge base is lacking on detailed specifics for configuring BE 10.0 to backup servers in a DMZ through a firewall. I have done everything according to the Admin Guide and still can not get it to work. Also, I can't find any documentation on what services are required for the Remote Agent on a hardened server in a DMZ to function.
Problem solved. I had to add an entry for the DMZ machine in the Hosts file on my media server. Also, the Server service has to run on your machines in the DMZ for the Remote Agent to run.
Hmm. I tried that and it still doesn't work. It's so weird because I can telnet to the port 10000 on both servers and it still won't authenticate. It's like it doesn't see the Agent software.
Backup Exec 10 should make things easier backing up through firewalls since by default the connections required for backup are initiated outbound from the media server (9.x initiated the control connection outbound and the data connection inbound). Port 10000 (NDMP default) is required outbound to be able to browse remote servers and make selections. You can designate what ports to use in Tools | Options | Network and Firewall. The media server ports are those sourced on the media server and the remote agent ports are those on the backup target.
I wonder why Veritas took out the email support and substituted this forum in it's place. I posted another message earlier but still have had no response from a Veritas rep.
I understand the benefit of asking other people questions about your problem, but I would never rely on them to answer the question completely.
Veritas, if you are listening, please respond to my earlier post.
You state that you can telnet to the remote servers but can't 'authenticate' with Backup Exec. Is this a Firewall/Port issue or authentication/rights issue? In Backup Exec, when you try to expand the selections of the remote servers, what do you see?
From my experience the firewall in question can play a role as well. Firewall appliances such as Cyberguards etc give me nothing but problems but a Cisco or even generic nix box works fine.