cancel
Showing results for 
Search instead for 
Did you mean: 

Help with Backing up through firewall - BE 9.0 4454

Rdave
Level 3
I have allowed tcp over ports 10,000 - 11,000 on the firewall from backup box to host machine.  I have configured BE to use this range of ports for it's agents.  BE still will not backup data "Communication error between Backup exec job engine and the remote agent.  The remote server will go into the pre-processing state and then about 3 min later it will fail.  I can ping through the firewall to the remote server but cannot ping from outside to inside.

Anyhelp on this would be appreciated.

Thank You,
Dave 
4 REPLIES 4

Marksw
Level 5
 You going to have to be able to ping from the outside to inside again, how is the data supposed to know how to get back?

Do the following tests..

Telnet to the remote server across the firewall from the backup server on port 10,000 - do you get a connection?
Do the same thing vice versa - do you get a connection?

It doesn't have to ping by name, Ip address is OK, but it must go both ways. If you can only do this via IP address, you need to setup user defined selections for the servers across the firewall.

Mark

Dev_T
Level 6
Hello,

Add the remote server in User Defined Selections through IP Address. Open the Selection list-->Resource Credentials and highlight the remote server and Test the credentials. Add the Backup Exec Service Account in the Local Admin group on the remote server.

Hope this helps...

Brian_h1
Level 4
 Hello Dave, I've got some experiences with this.

Configure BE at Tools > Options > Network for the following:
1. Enable media server TCP dynamic port range: open up 10100--10150 (ports coming in to the backup server)
2. Enable remote agent TCP dynamic port range: open up 10151--10200 (ports going out to remote servers)

Next, open up port 10000 going out to the remote server on other side of firewall.

Next, open up the range in #1 above coming in through firewall to the IP of the backup server.

Lastly, open up the range in #2 above going out to the remote server.

Remember the range you specify in #1 and #2 above will be used for ALL remote servers you backup, not just the servers on other side of firewall.

Lastly, if your firewall is using one-to-many Network Address Translation (NAT) you must configure port forwarding for the range in #1 above to the IP of the backup server or you will not be able to backup across that type of firewall with Backup Exec 9.
Hope this would be helpful

Thanks
Brian

Colin_Weaver
Moderator
Moderator
Employee Accredited Certified
As per Brian_h, BackuP Exec 9.1 and earlier initiated a control connection from Media server to remote and then the remotes initiate a data connection back - as such your firewall and any address translation need to allow for bi-directional comms on the relevant ports.

Backup Exec 10.x and later changed the way the network connections work so that it now works like this:

Media Server makes control connection (outbound) to remote server (on port 10,000) using random outbound port on media server.
Media Server tells remote agent what port to listen on (from the configured range) to accept the data connection
Media server then initiates the data connection to the remote on that port (again from a random outbound port on the media server)

The newer mechanism makes the comms always outbound from the media server and makes firewall and address translation a lot easier to configure - as such if you can I strongly suggest a newer version of Backup Exec would make things a lot easier. (assuming you are not using any software or hardware that is no longer supported by the newer versions anyway)