cancel
Showing results for 
Search instead for 
Did you mean: 

Any officially supported solution for NAT/DMZ clients protection?

Mike_Tang
Level 4
Certified

Dear all,

Refer to this KB - http://www.symantec.com/docs/TECH15006

Symantec does not support any NetBackup configuration which involves a NetBackup server or client host separated from other NetBackup hosts by a network device performing Network Address Translation (NAT).

Any infra environment will involve DMZ/NAT client protection. Do you know that there is any official supported approach for this type NAT/DMZ client protection by NetBackup?

Wish for your good idea.

Mike

 

 

2 REPLIES 2

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

We have managed to get it working at some customers where static NAT'ing was in place as per this section of the TN:

The use of static NAT, where there is a predetermined one-to-one mapping of IP addresses, may allow scheduled backups that only use legacy connections to function normally, but is not supported because other operations will fail. 

File system backups where drive letters and folders were explicitly listed in the policy Backup Selection.
ALL_LOCAL_DRIVES and database backups (or any other client-initiated operations did not work).

Just add hosts entries for NAT addresses on media server and client.

Be prepared for initial troubleshooting - ensure bpcd log exists on client and bpbrm on media server.
Use bptestbpcd to test port connectivity as well as forward and reverse name lookup.

 

teiva-boy
Level 6

Most orgs that I work with that run into this...  They use FC to get around their IP restrictions.

Either via FC connected VTL devices, or use SAN Clients to backup the hosts.