Veritas-bu

[Veritas-bu] Still Another Question on Firewalls, Ports and Security

2001-01-04 11:36:09
Subject: [Veritas-bu] Still Another Question on Firewalls, Ports and Security
From: Dennis Dwyer dfdwyer AT tecoenergy DOT com
Date: Thu, 04 Jan 2001 11:36:09 -0500
I suppose there is no similar feature for NBU 3.2? I'm planning the upgrade to 
3.4 later this year.

Quote: "Time is not a test of the truth"
Translation: Just because you've always done it that way, doesn't make it right

Dennis F. Dwyer
Enterprise Storage Manager
Tampa Electric Company

(813) 225-5181  - Voice
(813) 275-3599  - FAX

Visit our corporate website at www.tecoenergy.com

>>> "Steve White" <stevew AT colltech DOT com> 01/04/01 11:31AM >>>
In version 3.4, You would use it in conjunction with the other bp.conf
setting "CLIENT_PORT_WINDOW" and "SERVER_PORT_WINDOW" which restrict the
port windows to a limited range.  You could also just use
"CLIENT_RESERVED_PORT_WINDOW and "SERVER_RESERVED_PORT_WINDOW without the
"ALLOW_NON_RESERVED_PORTS setting.

Be careful though...you want to allow enough ports that you don't get too
many jobs running at one time and run out of available ports.

Steve White


-----Original Message-----
From: veritas-bu-admin AT Eng.Auburn DOT EDU 
[mailto:veritas-bu-admin AT Eng.Auburn DOT EDU]On Behalf Of Dennis Dwyer
Sent: Thursday, January 04, 2001 7:35 AM
To: veritas-bu AT mailman.eng.auburn DOT edu 
Subject: [Veritas-bu] Still Another Question on Firewalls, Ports and
Security


I think I'm pretty clear now on which ports have to be accommodated within
the firewall to allow NetBackup connections but there is still one question
floating around out there that begs answering ...

"Is there a way to limit which ports NetBackup will use (something less than
the complete 512 to 1024 range) thereby insuring that a minimum number of
ports will have to be defined to the firewall software?"

My security guys are having a baby buffalo at the notion of allowing
NetBackup to have 512 ports available for use. I personally don't know if
that number is good or not nor if it represents a real security concern.
They are more interested in a total number of available ports being 25 - 50.
And oh by the way, they want to choose the range as well (ie; 1000 - 1024).

Any information would be greatly appreciated. I suspect that if the answer
is "You can't do it that way" They'll set me up with the 512 - 1024 range.
But hey ... I gotta at least say I asked.

Regards,

Dennis

"Time is not a test of the truth"
Translation: Just because you've always done it that way, doesn't make it
right

Dennis F. Dwyer
Enterprise Storage Manager
Tampa Electric Company

(813) 225-5181  - Voice
(813) 275-3599  - FAX

Visit our corporate website at www.tecoenergy.com 

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu 
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu 

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu 
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu