cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Netbackup uni-directional firewall setup

Tim_Z
Not applicable

‎02-15-2010 03:44 PM

All,
I'm trying to setup a NetBackup server with uni-directional communication through a firewall. At the moment, we're only trying to determine the correct setup and confirm that it works before we take the time and effort to rearrange our environment.

So far I have configured a client's properties to use the following:
 * BPCD connect back == VNETD Port
 * Ports == Use reserved ports
 * Daemon connection port == VNETD only

I also tried to set up the Firewall Tab (under Master Server Properties) to use the same options as above and added the test host to the list.

Both my client and server are running NB 6.5.3.1 and upgrading isn't really an option at the moment.

Any ideas on how to get the communication here to be unidirectional so I can get it to work through the firewall? 
0 Kudos
3 REPLIES 3

F_J
Level 4

‎02-15-2010 04:26 PM

It really depends on whether the firewall is:
(a) between the client and the media server, or
(b) between the media server and the master.

For (a) all you need for server-directed backups is TCP port 13724 open from the media server to the client, and there is no need to customise any settings - it will only try to use 13724 by default.
One exception from this rule is the Fibre Transport client which will require bi-directional communication on 13724 and 1556
You will also need 13724 open from client to the master server for client-directed backups and restores, or for database backups..

For (b), bidirectional communication is required on ports 13724 and 1556.


0 Kudos

Will_Restore
Level 6

‎02-16-2010 08:14 AM

http://ftp.support.veritas.com/pub/support/products/NetBackup_Enterprise_Server/281623.pdf

(assuming 6.x for all machines)
Master Server  vnetd/13724 -> Media Server
Master Server  veritas_pbx/1556 -> Media Server
Master Server  veritas_pbx/1556 -> EMM Server
Master Server  vnetd/13724 -> Client


Media Server  vnetd/13724 -> Master Server
Media Server  veritas_pbx/1556 -> Master Server
Media Server  veritas_pbx/1556 -> EMM Server
Media Server  vnetd/13724 -> Client


Client  vnetd/13724 -> Master Server
 
0 Kudos

James_Perry
Level 4

‎02-17-2010 01:22 PM

On out Linux clients we setup 13724 (vnetd) as well as 13782 (bpcd) but I am only seeing the vnetd port being used.  We don't use the PBX with the clients so this has been sufficient. 

Also we did not need to setup anything in the firewalls tab for these servers, NetBackup just tried the vnetd port and we were off.

For media servers behind a firewall we had 13724, 1556, and 13782 open for incoming to the media server. 

The master server does not have a firewall between it and the other media servers.
0 Kudos