Video Screencast Help

ports and directions for BackupExec through firewall

Created: 06 Jun 2013 • Updated: 21 Jul 2013 | 2 comments
This issue has been solved. See solution.

I am trying to get firewall rules approved for a BackupExec 2012 server to backup servers behind a firewall. 

I have configured BackupExec to use 25 ports, and submitted the firewall request to have those ports opened to the appropriate machines.

Articles I've read do not indicate a direction.. or indicate bidirectional, but our security team is concerned about implementing bidirectional access because the servers being backed up are on an externally available network, and the backup server is on an internal network.

Can someone answer definitively if the random ports are required only outbound (backup/media server to client agents), inbound (from the clients to the backup/media server), or in both directions?

Thanks in advance.

Operating Systems:

Comments 2 CommentsJump to latest comment

Colin Weaver's picture

Craig V has given the approproate documentation however a few comments:

As long as you don't want to do push installs of the remote agent from media server to remote server then you might be able to get away with 

Port 10,000 outbound from media server to remote

A small configurarable range of at least 20 ports (Configured in BWE with dynamic port range setting) - again outbound from media server to remote.

In both of the instances above the ports in effect end up as listening ports on the remote system, the ports on the media server that then make the connections are always random.

Depending on the agents being used/type of data being backed up you might also need port 6101 (advertising) which is Inbound from remoet agent to media server.

 

if you are using this like managed backup exec (MBE/MMS) servers across firewalls, push install etc then more will be needed.