cancel
Showing results for 
Search instead for 
Did you mean: 

Which direction should i open firewall port for DMZ backups?

gbug1
Level 3
Hi all,
I am using Backup Exec to backup data in our DMZ. We are using BE 12.5, and these servers are located in our corporate LAN.
I have found this document http://seer.entsupport.symantec.com/docs/285830.htm which shows what ports the product uses, but it doesnt specify where the ports are used. ie, some ports should be open to allow LAN > DMZ traffic, and vice versa. Does anyone know where i can obtain this info?

Cheers.
1 ACCEPTED SOLUTION

Accepted Solutions

RahulG
Level 6
Employee
This are the only ports which need to be open 
 
Service Port Port Type
Backup Exec Agent Browser (benetns.exe) 6101 TCP
Backup Exec Remote Agent for Windows Server (beremote.exe) 10000 TCP
Backup Exec Server (beserver.exe) 3527, 6106 TCP
MSSQL$BKUPEXEC (sqlservr.exe) 1125 TCP
  1434 UDP
Backup Exec Remote Agent for NetWare 10000, 6102 TCP
Remote Agent for Linux and UNIX Servers (RALUS) 10000 TCP
DBA-initiated backups for Oracle and DB2 5633 TCP
If you just want to backup servers in the Dmz zone and your server in in normal LAN
Open Port 10000 and a port range (minimum of 25 ports) in the firewall
Note: It is recommended to keep a range of ports opened instead of just one because a dynamic port can be engaged by any other application and cause can cause data connection issues. Therefore keep at least 25 ports opened for the remote system.
Specify the same ports under the Tools - Options - Network and security- "Enable remote agent TCP dynamic port range"
Refer the following document as well

http://support.veritas.com/docs/194182

View solution in original post

1 REPLY 1

RahulG
Level 6
Employee
This are the only ports which need to be open 
 
Service Port Port Type
Backup Exec Agent Browser (benetns.exe) 6101 TCP
Backup Exec Remote Agent for Windows Server (beremote.exe) 10000 TCP
Backup Exec Server (beserver.exe) 3527, 6106 TCP
MSSQL$BKUPEXEC (sqlservr.exe) 1125 TCP
  1434 UDP
Backup Exec Remote Agent for NetWare 10000, 6102 TCP
Remote Agent for Linux and UNIX Servers (RALUS) 10000 TCP
DBA-initiated backups for Oracle and DB2 5633 TCP
If you just want to backup servers in the Dmz zone and your server in in normal LAN
Open Port 10000 and a port range (minimum of 25 ports) in the firewall
Note: It is recommended to keep a range of ports opened instead of just one because a dynamic port can be engaged by any other application and cause can cause data connection issues. Therefore keep at least 25 ports opened for the remote system.
Specify the same ports under the Tools - Options - Network and security- "Enable remote agent TCP dynamic port range"
Refer the following document as well

http://support.veritas.com/docs/194182