cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Netbackup setup on firewall

Teeju
Level 2

‎10-24-2008 02:45 AM

Hi,

 

I am trying to setup the netbackup to backup my web server which is behind the firewall. I am using cisco ASA firewall. I followed the document and opened the ports as metion in document. Also modified the client and server ports as per document. But still can not do the backup. I have enabled the ports in all the clients after which i can not do the backup for them as well. it gives socket error. Please advice.

 

Document: 

 

Document ID: 237796
http://support.veritas.com/
docs/237796
E-Mail this document to a
colleague
This is a Firewall Configuration Example with NetBackup Clients Outside the Firewall.
Details:
VERITAS provides this documentation for customers who wish to configure NetBackup to use TCP/IP port ranges other than the
default port ranges for use where a firewall is involved. Although information is provided to assist in creating the appropriate firewall
rules, the designing, testing and implementation of a firewall solution is the customer's responsibility. If problems are encountered
where a firewall is involved, VERITAS will assist in identifying whether or not the firewall is the point of failure.
After choosing the port ranges desired for use by NetBackup, both the firewall and NetBackup must be configured to use those port
ranges. The following examples are based on having chosen to use a server reserved port window of ports 800-899, a client
reserved port window of ports 900-999, a server port window of ports 4800-4899, and a client port window of ports 4900-4999.
Configure the firewall to allow TCP/IP network connections as follows. In these example rules, "Master" refers to not only the
NetBackup Master server, but also any NetBackup Media servers located inside the firewall which will be used to backup clients
outside the firewall.
Source Ports Data Flow Destination Ports
Client 900-999, 4900-4999 ----> Master 800-899, 4800-4899, 13720-13721
Master 900-999, 4900-4999 ----> Client 13782-13783
Configure the bp.conf files as follows. The bp.conf files on the Master, Media server, and clients will share the same settings,
except for CLIENT_NAME which is of course specific to each particular machine.
SERVER = master
SERVER = media
CLIENT_NAME = <insert name of host where this bp.conf is located>
SERVER_RESERVED_PORT_WINDOW = 800 899
CLIENT_RESERVED_PORT_WINDOW = 900 999
SERVER_PORT_WINDOW = 4800 4899
CLIENT_PORT_WINDOW = 4900 4999
ALLOW_NON_RESERVED_PORTS
For Windows NT/2000 machines, all configuration is normally done via the NT NetBackup Configuration GUI, but the NT GUI will not
be able to configure clients outside the firewall if the firewall blocks the Windows NT functions used for remote registry changes.
Instead, "regedit" or "regedt32" must be used on each Windows NT/2000 client that cannot be configured using the NT
NetBackup Configuration GUI. Launch "regedit" or "regedt32" on the Windows NT/2000 client and go to
[HKEY_LOCAL_MACHINE\SOFTWARE\VERITAS\NetBackup\CurrentVersion\Config]. Make changes to
CLIENT_RESERVED

 

*************

Thanks

Teeju

0 Kudos
4 REPLIES 4

AntonioVargas
Level 4

‎10-24-2008 03:18 AM

try telneting all netbackup needed ports locally on the client. assuming that the firewall is well configured, a service stopped on the client may be causing the error. debbuging at a lower level wont do no harm :)
0 Kudos

Teeju
Level 2

‎10-24-2008 06:06 AM

Hi,

 

When I configure the manual port for server and all client which is in intranet, the backup has problem within intranet itself. So i have enabled the default ports and it works for intranet clients  not for web server which is behind firewall. 

So please if you can suggest the complete procedure to setup. 

- firewall configuration

- client configuration

- Server configuration

0 Kudos

J_H_Is_gone
Level 6

‎10-24-2008 08:17 AM

go to properties of the master server.

client attributes

if your client is not on this client list add it.

go to the connection options

 

depending on what version you are useing.

 

on General tab check VNETD port

or

on Conneciton Options tab

for BPCD connect back choose VNETD port

and for ports choose Reserved ports.

 

then try again and see if it works.

0 Kudos

Omar_Villa
Level 6
Employee

‎10-24-2008 11:05 AM

ensure vnetd (13724) is open between your client, master and media server, sometimes we only open the port to the master but not to the media server that is going to perform the backup, also if your DMZ server is a media server you will need to open PBX (1556), not sure if you read the Netbackup Security and Ecryption Guide if not take a look here you will find the list of all what you need open between boxes to make this work.

 

http://seer.entsupport.symantec.com/docs/290226.htm

 

hope this helps.

regards.

0 Kudos