Remote agent through Firewall...

Bill_Fry
Level 3
Hello,

I have remote agents running in our DMZ on both Windows and Linux boxes. The Linux remote agent asks for the server(s) to look for and talk to when backing up, and show up on my Backup Server's selection list. Yes, the firewall ports are all open for the appropriate ranges.
I cannot, however, seem to see the Windows 2k3 boxes, even though I can make user-defined connections, map network drives, etc. I have admin level access to the systems, etc. I just don't seem to be able to make the server see that the systems have the Remote Agent installed and running.

Any advice?

Ed_Mertz
Level 3
Are you running Windows 2003 SP1 with the firewall enabled? If so, you may need to add beremote.exe to the firewall exception list on the remote server before the media server can communicate with the remote agent.

I hope this helps.

Bill_Fry
Level 3
While the server is running 2003 with SP1, the firewall is not turned on. It is in our DMZ though, which has a firewall between it and our internal network, as well as one between it and the external Internet.
The internal network operates on the private ip range, and I have had to put special routing into the routing table to get the server to be able to see the internal network.
Here's the thing. The Linux remote agent is set to know the range of BE servers it will talk to. You set them when you configure the agent, and it broadcasts its availability to those servers. The Windows agent seems to have no such option, or at least not documented, which prevents a specific destination for the broadcast message (I believe). If that is so, then it must be using the broadcast for its subnet or the global 255.255.255.255, which is prevented from traversing my internal firewall, and I'm loath to turn that protection off.

I'm hoping there's a way to direct the broadcast, similar to the Linux implementation, or at least confirmation on how it is working, so I can fix my problem.

Bill_Fry
Level 3
Oh.. interesting. I found somewhat of a tool in the RANT directory that appears to allow me to set the backup servers to announce to.

It hasn't solved my problem mind you, but I do seem to have directed the traffic a little.

vxmon.exe seems to have the ability to do several things easier than noted in other places.... might be a good tool to check out.

Also, I don't know if this makes any difference or not, but the system with the remote agent is also running as a member of a workgroup, outside the internal domain. I originally didn't think much of it since other workgroups on the internal network also show up along with the domain, but as this one is on the other side of a firewall, it might have some impact.

tejashree_Bhate
Level 6
Hello,

Have you added the remote agent to the firewall exceptions list?

Also make the entries in the host files. In the host file of the media server add the IP address and the server name of the remote server and vice versa.
NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.

Ed_Mertz
Level 3
Here are the steps we take when backing up a DMZ server located in a workgroup and behind a firewall.
1. Create a user defined selection within Backup Exec by right clicking user defined selection on the backup tab. We specify the DMZ server by IP address.
2. Specify a port range to be used for communication between the media server and DMZ server. This can be done by going to "tools-options-network and firewall" within Backup Exec. Enable media server and remote agent dynamic port ranges and choose a range of ports.
3. Open the firewall holes for the specified port range between the DMZ and media server
4. Create a local account on the DMZ server that will be used for Backup Exec and create a matching logon account within Backup Exec under "Network-logon accounts"

The Backup Exec media server will initiate communication with the DMZ server over port 10000 when the backup starts. The DMZ server will communicate back to the media server over the port range specified in step 2 above. As long as the firewall holes are open for this port range, the backup should run correctly.

There may be better ways to do this, but the method above works for us. I hope this helps.
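
An added example, not part of the posts above or of Backup Exec: a small TCP probe for checking the firewall holes described in steps 2 and 3 from either side. It separates a port that answers with a refusal (the path passes traffic but nothing is listening, which is normal for the dynamic range when no job is running) from one that times out (typically dropped by a firewall). The function names and the loopback demo are constructed for illustration.

```python
import socket

CONTROL_PORT = 10000  # port the media server connects to, per the post above


def probe(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'filtered' for one TCP connect attempt."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"      # something accepted the connection
    except ConnectionRefusedError:
        return "refused"   # RST came back: usually path open, no listener
    except OSError:
        return "filtered"  # timeout or unreachable: dropped along the way
    finally:
        sock.close()


def probe_ports(host, ports, timeout=3.0):
    """Probe each port once and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def blocked_ports(results):
    """Ports that never answered, i.e. the ones to look for in firewall rules."""
    return sorted(p for p, state in results.items() if state == "filtered")


if __name__ == "__main__":
    # Constructed demo on loopback: one listener, probed while up and after close.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    demo_port = listener.getsockname()[1]
    print("listening:", probe("127.0.0.1", demo_port, timeout=1.0))
    listener.close()
    print("closed:   ", probe("127.0.0.1", demo_port, timeout=1.0))
    # Real use (hosts and range are whatever was configured in step 2):
    #   media server -> DMZ server: probe(dmz_ip, CONTROL_PORT)
    #   DMZ server -> media server: blocked_ports(probe_ports(media_ip, port_range))
```

Run it in the direction each connection is actually made: from the media server toward port 10000 on the DMZ server, and from the DMZ server toward the chosen range on the media server.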

Bill_Fry
Level 3
Thank you both for your replies.
Tejashree,
Yes, the firewall rules are set up to allow communication on all assigned ports to and from this server and the backup server.

Ed,
We are currently using user defined selections to work around this problem in a very similar fashion to what you describe. However, the result I am trying to reach is the ability to use the Remote Agent, which provides some advantages over user defined selections.

Right now the only thing I can think of that might be contributing to the problem is the netmasking being done by the firewall. Visually the setup looks something like this:
I-net <-> firewall <-> DMZ server <-> firewall <-> backup server

I'll keep looking...