Networker

Re: [Networker] Backing up through a Firewall

2005-11-22 18:47:05
Subject: Re: [Networker] Backing up through a Firewall
From: swiss <swiss AT KEACHIE.CO DOT UK>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Tue, 22 Nov 2005 23:47:08 -0000
How are you getting on with timeout issues on the firewall?

The firewall I'm trying to do backups through is closing ports that have
been inactive for 60 mins. This gives me problems with backups of savesets
that take longer than 60 mins to complete as the port nsrexec - nsrexecd
communicates through is being closed down due to inactivity so when the
saveset does complete the networker server never gets the response it's
expecting from the client. This is viewed as a failure by the NetWorker
server and retries the backup depending on client retry settings on the
group.

I've tried using the NSR_KEEPALIVE_WAIT env variable on the client (setting
it to 30 secs) but I've had mixed results. I've also tried modifying the TCP
KEEPALIVE parameters on the client only but again I'm having mixed results.
I'm very reluctant to modify any TCP parameters on the NetWorker server.

I haven't seen the backup use ports it's not meant to but then again the
firewall has been opened for all the service ports.

I'm using 7.1.3 on NetWorker server and clients.

A

-----Original Message-----
From: Legato NetWorker discussion
[mailto:NETWORKER AT LISTSERV.TEMPLE DOT EDU]On Behalf Of Matthew Robert
Sent: 22 November 2005 22:02
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] Backing up through a Firewall


This email is to be read subject to the disclaimer below.

We have managed to do this with a few clients, however its buggy and
rarely works as it should. The main problem is that when you specify the
management port from the client end, it then goes and chooses another
seemingly random port to use instead of the correct one. It gives me
massive headaches as the firewall guys are reluctant to open a port that
is not approved by the software vendor.

Apprently this is going to be fixed in Legato 7.3

Best of luck,
Matt

____________________________________________________________________________
_________
Matthew Robert | Data Backup & Retention Administrator | Ernst & Young
Services Pty Limited | Direct: (02) 9248 4784 | Fax: (02) 9248 5316
E-mail: matthew.robert AT au.ey DOT com | Please note our new address: Ernst &
Young Centre, 680 George Street, Sydney 2000
Catch up on the latest E&Y news at http://www.ey.com/au



"Sackson [US], Mark A." <Mark.Sackson AT SPERRY.NGC DOT COM>
Sent by: Legato NetWorker discussion <NETWORKER AT LISTSERV.TEMPLE DOT EDU>
23/11/2005 08:22
Please respond to
Legato NetWorker discussion <NETWORKER AT LISTSERV.TEMPLE DOT EDU>; Please
respond to
"Sackson [US], Mark A." <Mark.Sackson AT SPERRY.NGC DOT COM>


To
NETWORKER AT LISTSERV.TEMPLE DOT EDU
cc

Subject
[Networker] Backing up through a Firewall






I was wondering if anybody is able to backup a server located in the
other side of a firewall from the NetWorker server?

I have tried to follow the Admin guide, but somehow it seems that the
server needs to make contact with the NetWorker server first, then once
the client has been created, you can modify it.

Any help would be greatly appreciated.

I am using NetWorker 7.2 on an AIX 5.1 server.

Thanks,

Mark A. Sackson

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type
"signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu
if you have any problems
wit this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER





--------------------
NOTICE - This communication contains information which is confidential and
the copyright of Ernst & Young or a third party.

If you are not the intended recipient of this communication please delete
and destroy all copies and telephone Ernst & Young on 1800 655 717
immediately. If you are the intended recipient of this communication you
should not copy, disclose  or distribute this communication without the
authority of Ernst & Young.

Any views expressed in this Communication are those of the individual
sender, except where the sender specifically states them to be the views of
Ernst & Young.

Except as required at law, Ernst & Young does not represent, warrant and/or
guarantee that the integrity of this communication has been maintained nor
that the communication is free of errors, virus, interception or
interference.

Liability limited by a scheme approved under Professional Standards
Legislation.
--------------------


If this communication is a "commercial electronic message" (as defined in
the Spam Act 2003) and you do not wish to receive communications such as
this, please forward this communication to unsubscribe AT au.ey DOT com

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type
"signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu 
if
you have any problems
wit this list. You can access the archives at
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the
body of the email. Please write to networker-request AT listserv.temple DOT edu 
if you have any problems
wit this list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER