About using Backup Exec with firewalls
|Article:HOWTO22990|||||Created: 2010-01-01|||||Updated: 2011-05-05|||||Article URL http://www.symantec.com/docs/HOWTO22990|
In firewall environments, Backup Exec provides the following advantages:
Firewalls affect system communication between a media server and any remote systems that reside outside the firewall environment. You should consider special port requirements for your firewall when you configure Backup Exec.
Symantec recommends that you open port 1000 and make sure that it is available on the Backup Exec media server and any remote systems. In addition, you must open the dynamic port ranges that Backup Exec uses for communications between the media server and remote agents.
See Backup Exec Ports.
When a media server connects to a remote system, it initially uses port 1000. The Remote Agent listens for connections on this predefined port. The media server is bound to an available port, but additional connections to the Remote Agent are initiated on any available port.
When you back up data, up to two ports may be required on the computer on which the Remote Agent is installed. To support simultaneous jobs, you must configure your firewall to allow a range of ports large enough to support the number of simultaneous operations desired.
If there is a conflict, you can change the default port to an alternate port number by modifying the %systemroot%\System32\drivers\etc\services file. You can use a text editor such as Notepad to modify your NDMP entry or add an NDMP entry with a new port number. You should format the entry as follows:
ndmp 10000/tcp #Network Data Management Protocol
When you set up TCP dynamic port ranges, Symantec recommends that you use a range of 25 allocated ports for the remote computer. The number of ports that remote computers require depends on the number of devices you protect and the number of tape devices you use. You may need to increase these port ranges to maintain the highest level of performance.
Unless you specify a range, Backup Exec uses the full range of dynamic ports available. When performing remote backups through a firewall, you should select a specific range on the Network and Firewall defaults dialog box.
Article URL http://www.symantec.com/docs/HOWTO22990