Network Address Translation and Port Address Translation are not supported for Symantec NetBackup (tm) 6.x and 7.x

Article:TECH15006  |  Created: 2001-01-23  |  Updated: 2013-10-28  |  Article URL http://www.symantec.com/docs/TECH15006
Article Type
Technical Solution

Product(s)

Environment

Issue



To provide full functionality, NetBackup must be able to; reliably connect to the same remote host using the same configured hostname at all times, and also be able to reliably distinguish the host from which an inbound connection originated based on the source IP address.

 

Accordingly, Symantec does not support any NetBackup configuration which involves a NetBackup server or client host separated from other NetBackup hosts by a network device performing Network Address Translation (NAT) or Port Address Translation (PAT).

 


Environment



NetBackup 3.2, 3.4, 4.5, 5.0, 5.1, 6.0, 6.5, 7.0, 7.5


Solution



Symantec does not support and recommends against the use of Network Address Translation (NAT) or Port Address Translation (PAT) with NetBackup as follows.

 

The use of dynamic NAT or Port Address Translation (PAT) introduces data security risks and other failures due to the inability to uniquely and consistently identify a remote host by IP address.

 

The use of static NAT, where there is a predetermined one-to-one mapping of IP addresses, may allow scheduled backups that only use legacy connections to function normally, but is not supported because other operations will fail.  Further, attempts to resolve outside hostnames to inside global IPs may expose those sensitive IP addresses and hostnames to unintended observers.

 

 

If it is necessary to restore data to a target client on the other side of a NAT gateway, restore the files to a staging client where NAT is not involved and then transfer the files to the target host using FTP or other means.

 

Final Caution

 

Some NetBackup operations may appear to function correctly when using NAT or PAT.  But functionality is limited, the authenticity of a remote host and therefore data security is not guaranteed, and attempts to work-around NAT may expose critical host information.  Therefore, support is not extended to these environments.

 




Legacy ID



237794


Article URL http://www.symantec.com/docs/TECH15006


Terms of use for this information are found in Legal Notices