Solved: Thanks Marianne! Given we

nbuengr · ‎03-02-2016

Hi,

Would like to confirm on firewall settings of NBU.

Originally, customer's firewall is off for NBU environment. Now, they opened ports 13782, 13724, 1556, 13720 and 13783 and wants to turn on firewall.

I believe backups will still run because the important ports are open. Is it safe to say that they can turn on their firewall even there are on-going backups? Will backups be interrupted?

Thanks!

NBU version is 7.6.0.4 running on Win 2008 R2

Marianne · ‎03-02-2016

Most of those ports were needed in pre-6.x days. NBU 7.6 only needs port 1556 for normal backup and restore. There are more ports needed for dedupe and certain other features, so best to have a look at the NBU Ports Reference Guide : http://www.veritas.com/docs/DOC6716

Handy NetBackup Links

View solution in original post

Nicolai · ‎03-03-2016

What brand of firewall is it - do you have a model number ?

Most firewall are not designed for bulk traffic - so backup will be negative affected by the firewall.

Typical they have a fixed bandwidth - lets say 50MB/sec.

One client - no problem 50MB/sec

Two clients - well backup speed down to 25/sec per client

Four 4 backup clients - 12.MB/sec per client

8 clients - well figure it out :) Furthermore it will very hard to reach a agreed backup window at that speed.

View solution in original post

Marianne · ‎03-02-2016

Most of those ports were needed in pre-6.x days. NBU 7.6 only needs port 1556 for normal backup and restore. There are more ports needed for dedupe and certain other features, so best to have a look at the NBU Ports Reference Guide : http://www.veritas.com/docs/DOC6716

Handy NetBackup Links

nbuengr · ‎03-02-2016

Thanks Marianne!

Given we open the required ports and turn on the firewall will it have impact on running backups?

Marianne · ‎03-02-2016

I am not a firewall expert. You need to ask your firewall admin what happens to established ports when firewall is activated.

Handy NetBackup Links

Mouse · ‎03-02-2016

This higly depends upon type of backup you doing, if it's just a normal LAN backup to a media server then you should be good with 1556, however if you're running old clients using VNETD, deduplication or any direct-to-OST 3-rd party storage, it's a different kettle of fish.

The ports guide suggested above gives all required details you or your network team need to figure out what ports are required in your configuration. It's not a product question, it's your network and backup configuration question and we collectively have no clue about either.

Nicolai · ‎03-03-2016

What brand of firewall is it - do you have a model number ?

Most firewall are not designed for bulk traffic - so backup will be negative affected by the firewall.

Typical they have a fixed bandwidth - lets say 50MB/sec.

One client - no problem 50MB/sec

Two clients - well backup speed down to 25/sec per client

Four 4 backup clients - 12.MB/sec per client

8 clients - well figure it out :) Furthermore it will very hard to reach a agreed backup window at that speed.

Michael_G_Ander · ‎03-03-2016

Do be aware that hardware firewalls often require both source and destination ports to be configured, not just the destination ports given in the network port guide from Veritas

Would always turn firewalls on outside the backup window if possible, and make sure that monitoring/logging on them was enable to see dropped/rejected connections

The standard questions: Have you checked: 1) What has changed. 2) The manual 3) If there are any tech notes or VOX posts regarding the issue

VOX

NBU - Firewall