Re: Firewall backups

If you use SCHEDMODE POLLING, the only port you have to have open is 1500.
(We've got 10 clients backing up that way.)


-----Original Message-----
From: Gill, Geoffrey L. [mailto:GEOFFREY.L.GILL AT SAIC DOT COM]
Sent: Wednesday, April 21, 2004 6:43 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Firewall backups


We're trying to get backups running outside a firewall and below are the
results of a test. The network folks sent me this log to show the ports
which communicating during backup. On the left is the server IP on the right
is the client IP.

The client settings are below. The question is how to get all to communicate
on one specified port so they can tighten down acls. I've read the write-up
on this and thought everything was set properly but I must be missing
something. If someone has advice it would be greatly appreciated.



Thanks,



COMMmethod                           TCPIP

TCPServeraddress                     xxx.xxx.xxx.xxx

TCPCLIENTADDRESS               xxx.xxx.xxx.xxx

WEBPORTS                             1582,1583

TCPPort                                    1500

TCPCLIENTPORT                      1501

HTTPPort                                  1581



Apr 20 17:04:50 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37317) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:04:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) ->
xxx.xxx.xxx.xxx(2200), 1 packet

Apr 20 17:05:04 PDT: list TSM-Filter denied tcp xxx.xxx.xxx.xxx(37316) ->
xxx.xxx.xxx.xxx(1501), 2 packets

Apr 20 17:05:04 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37317) ->
xxx.xxx.xxx.xxx(1501), 4 packets

Apr 20 17:05:04 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) ->
xxx.xxx.xxx.xxx(2200), 5648 packets

Apr 20 17:05:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37318) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:05:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37319) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:06:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37320) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:06:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37321) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:07:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37322) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:07:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37323) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:08:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37324) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:08:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37325) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:09:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37326) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:09:51 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37327) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:10:06 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) ->
xxx.xxx.xxx.xxx(2200), 61959 packets

Apr 20 17:10:21 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(37328) ->
xxx.xxx.xxx.xxx(1501), 1 packet

Apr 20 17:10:25 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) ->
xxx.xxx.xxx.xxx(2235), 1 packet

Apr 20 17:10:41 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) ->
xxx.xxx.xxx.xxx(2235), 8 packets

Apr 20 17:10:41 PDT: list TSM-Filter permitted tcp xxx.xxx.xxx.xxx(1500) ->
xxx.xxx.xxx.xxx(2200), 2586 packets



Geoff Gill
TSM Administrator
NT Systems Support Engineer
SAIC
E-Mail:   gillg AT saic DOT com
Phone:  (858) 826-4062
Pager:   (877) 854-0975