cancel
Showing results for 
Search instead for 
Did you mean: 

Port Requirment for ESXI Server

yahyazahedi
Level 3

Hi Guys!
Today I was deploying veritas Netbackup infrastructure (Failover Cluster) on a project, everything went well except adding ESXi host to the veritas.

There is 2 ESXi hosts in the infrastructure and the both of these hosts are behind the firewall and also accessible by NAT. I can ping ESXi from master and media server and vice versal. 

NAT Rule

192.168.5.10:4489 forward to 172.25.1.10:443 Esxi01
192.168.5.10:4488 forward to 172.25.1.20:443 Esxi02

When I tried to add them by using (192.168.5.10) in veritas, I faced with Timeout error which I had to add them by using tpconfig command. While I see virtual machines and can create policies for them, backup jobs were failed due to this error:
Error Opening the snapshots disk using given transport mode: san..... status:23


it occurs for all virtual machines and I guess I need a NAT for ESXi to see media servers? So which NAT rule should I have? What about port 902? I don't have any rule for it?

What do you think of this problem?
any help would be appreciated.

4 REPLIES 4

sdo
Moderator
Moderator
Partner    VIP    Certified

I know some that features of NetBackup are still not supported for end-points behind NAT, but I am also aware that sometimes they do work - and I am aware that more and more features are actively becoming officially supported, by Veritas, for use with NAT, with each new release of NetBackup...

...but does anyone know whether ESXi behind NAT is actually supported for use with NetBackup v8.1.2 ?

@yahyazahedi did you find a support statement for this in the documentation ?  And it might help if you tell us which version(s) of ESXi you are running ?

davidmoline
Level 6
Employee

Hi

Firstly, formal NAT support has only appeared with 8.2. That said there are many people who have made it work. See this article if you haven't already https://www.veritas.com/support/en_US/article.100004694 on the support for NAT.

The NAT rules you have shown won't work by themselves - NetBackup will try to connect to the ESXi servers defined also on port 902 which where I think your backup jobs are failing.

Can you arrange for two IP's on the inside and craft your NAT rule like this below so no port translation occurs.
192.168.5.10:any forward to 172.25.1.10:any
192.168.5.11:any forward to 172.25.1.20:any

Good luck

Well, I am using ESXi 5.5 and ESXi 6. But I remember in a project it worked well, Based on research and what other friends suggested me, I think the problem is related to Port forwarding, I will try any any NAT if it is possible. I add ESXi credentials using port 443, If I change the port to 902 it should work? But it didn't work.

NetBackup requires access to both 443 and 902 on the ESXi server (443 for communications/control and 902 for data). 

Although it is possible to alter the browse port (443) to the ESXi server, I'm not sure there is any way to alter the port 902 requirement in NetBackup (I could be wrong).

If you are using SAN transport mode, you may not require port 902 (NBD/NBDSSL). Maybethat is why it has worked in the past and not now.