Networker

Re: [Networker] client backups through firewall disconnecting after 2 hours!

2007-09-05 12:41:01
Subject: Re: [Networker] client backups through firewall disconnecting after 2 hours!
From: Stuart Whitby <swhitby AT DATAPROTECTORS.CO DOT UK>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 5 Sep 2007 17:33:05 +0100
Your other option for fixing this (maybe) is to drop the TCP_KEEPALIVE_INTERVAL 
(Solaris - there'll be similar in Windows) to a smaller interval - 15 minutes, 
say.  It's set by default to 2 hours (7200000 ms) in Solaris.  Setting this 
lower will get TCP to check that the port on the other side is still 
accessible, initiating traffic which will reset the firewall's timeout .... 
timers.
 
HTH,
 
Stuart.

________________________________

From: EMC NetWorker discussion on behalf of mark wragge
Sent: Wed 05/09/2007 16:45
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Subject: Re: [Networker] client backups through firewall disconnecting after 2 
hours!



Thanks for the info. We have one checkpoint firewall and one Cisco Pix. SOunds 
like this is the cause of the problem.

"Marcelo H. Bartsch" <mbartsch AT UNIX911.ATH DOT CX> wrote:  Mark, wich 
firewall brand? AFAIK Cisco PIX's had a timeout for
established connections wich seems to be something like 1 or 2 hours per
default.



On Wed, 2007-09-05 at 15:20 +0100, mark wragge wrote:
> hi, i have inherited a backup of clients through a firewall using firewall 
> rules already configured. I have three clients that backup through the 
> firewall using the existing rules. All three clients fail after approx 2 
> hours. The smaller savesets on these clients complete successfully. The two 
> windows clients always fail at the same time (2 hours - 5 savesets 13gb 
> completed). The unix client fails around the same time but can sometimes 
> backup about 25gb before failing.
>
> How can i determine if the cause of failure is related to the fact that these 
> clients go through a firewall? There are no error messages on the firewall 
> logs during the time that the backup occurs or at the time that the backup 
> stops.
>
> How can i determine if the cause of failure is related to the number of 
> firewall ports that are open on the client. The open ports are 7937-7941and 
> this is set using nsrports (these ports and rules were determined by previous 
> engineer from EMC). The daemon.log shows no error - it says backup done and 
> then restarts the saveset.
>
> Is it the firewall disconnecting the client backup OR are the networker 
> services failing? We used to think that there was someting wrong with the 
> filesystem on one client but now that we have added two more clients with the 
> same errror it appears that the common link is the firewall.
>
> Thanks for any help, Mark
>
> Send instant messages to your online friends http://uk.messenger.yahoo.com 
> <http://uk.messenger.yahoo.com/> 
>
> To sign off this list, send email to listserv AT listserv.temple DOT edu and 
> type "signoff networker" in the body of the email. Please write to 
> networker-request AT listserv.temple DOT edu if you have any problems with 
> this list. You can access the archives at 
> http://listserv.temple.edu/archives/networker.html or
> via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER


 Send instant messages to your online friends http://uk.messenger.yahoo.com 
<http://uk.messenger.yahoo.com/> 

To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER



To sign off this list, send email to listserv AT listserv.temple DOT edu and 
type "signoff networker" in the body of the email. Please write to 
networker-request AT listserv.temple DOT edu if you have any problems with this 
list. You can access the archives at 
http://listserv.temple.edu/archives/networker.html or
via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER