In most cases firewalls don't block traffic where the server initiates the
session to a client that's outside the firewall.
I think the 5.2 TSM server has added facilities to let it initiate the
session, which (I think) means you don't have to code exceptions in your
firewall.
I am hoping to use that to eliminate our firewall exceptions; has anybody
tried this and got it to work?
Is it a good thing?
-----Original Message-----
From: Karel Bos [mailto:Karel.Bos AT NUON DOT COM]
Sent: Wednesday, September 10, 2003 12:16 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: Ports used by TSM?
Hi,
TSM uses random ports to back-up jobs. You can however use the WEBPORT
parameter in the client option file to assign fixed ports to be used for
back-ups.
Tivoli Storage Manager firewall support

In most cases, the Tivoli Storage Manager server and clients can work
across a firewall. Because every firewall is different, the firewall
administrator may need to consult the instructions for the firewall
software or hardware in use.

There are two methods for enabling client and server operations through a
firewall:

Method 1:
To allow clients to communicate with a server across a firewall, the
following ports must be opened in the firewall by the firewall
administrator:

TCP/IP port
To enable the backup-archive client, command line admin client, and the
scheduler to run outside a firewall, the port specified by the server
option tcpport (default 1500) must be opened by the firewall
administrator. This port is set on the client and the server using the
tcpport option. The setting must be the same on the client and server. The
default TCP/IP port is 1500. See Tcpport for more information.

Note:
The client may not use the port specified by the tcpadminport option (on
the server) for client session. That port may be used for administrative
sessions only (including node-admin client sessions).

HTTP port
To allow the Web client to communicate with remote workstations across a
firewall, the HTTP port for the remote workstation must be opened. Use the
httpport option in the remote workstation's client option file to specify
this port. The default HTTP port is 1581.
To use the administrative Web interface for a server across a firewall, the
HTTP port for the server must be opened. Use the httpport option in the
server options file to specify this port. The default HTTP port is 1580.

TCP/IP ports for the remote workstation
The two TCP/IP ports for the remote workstation client must be opened. Use
the webports option in the remote workstation's option file to specify
these ports. If you do not specify the values for the webports option, the
default zero (0) causes TCP/IP to randomly assign two free port numbers.
See Webports for more information about the webports option.

TCP/IP port for administrative sessions
Specifies a separate TCP/IP port number on which the server is waiting for
requests for administrative client sessions, allowing secure administrative
sessions within a private network. See Tcpadminport for more information.

Hope this will help you!
Regards,
Karel
-----Original Message-----
From: Ewald Jenisch [mailto:a AT JENISCH DOT AT]
Sent: Wednesday, September 10, 2003 17:27
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Ports used by TSM?
Hi,
Sorry if this is a dumb question but where can I find information
about which destination ports (TCP and/or UDP) TSM uses for various
purposes (e.g. server-initiated backup, client-initiated backup).
From various logs I found that it's in the range from TCP 1500
upwards, but I wonder which port is used for which purpose in order to
set up a firewall.
Thanks much in advance,
-ewald
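
Added example (not part of the thread or of the IBM documentation): a small checker that turns the Method 1 rules quoted above into a list of ports to open and flags settings that cannot be pinned in a firewall. The option-file syntax (one "name value" pair per line, `*` starting a comment), the function names and the sample files are assumptions made for this example.

```python
# Defaults as stated in the quoted documentation (Method 1).
CLIENT_DEFAULTS = {"tcpport": ["1500"], "httpport": ["1581"], "webports": ["0", "0"]}
SERVER_DEFAULTS = {"tcpport": ["1500"], "httpport": ["1580"]}

def parse_options(text, defaults):
    """Parse 'NAME value ...' lines; case-insensitive names, '*' comments (assumed syntax)."""
    opts = {k: list(v) for k, v in defaults.items()}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("*"):
            name, *values = line.split()
            opts[name.lower()] = values
    return opts

def firewall_plan(server_text, client_text):
    """Return (rules, problems): ports to open, and settings that break a fixed rule set."""
    srv = parse_options(server_text, SERVER_DEFAULTS)
    cli = parse_options(client_text, CLIENT_DEFAULTS)
    rules, problems = [], []
    s_tcp, c_tcp = int(srv["tcpport"][0]), int(cli["tcpport"][0])
    rules.append(("to server", s_tcp, "backup-archive, admin CLI and scheduler sessions"))
    if c_tcp != s_tcp:  # the setting must be the same on client and server
        problems.append(f"tcpport mismatch: client {c_tcp}, server {s_tcp}")
    if "tcpadminport" in srv:  # only listed when set explicitly
        admin = int(srv["tcpadminport"][0])
        rules.append(("to server", admin, "administrative sessions only"))
        if c_tcp == admin:  # client sessions may not use the admin port
            problems.append(f"client tcpport {c_tcp} is the server tcpadminport")
    rules.append(("to server", int(srv["httpport"][0]), "administrative Web interface"))
    rules.append(("to client", int(cli["httpport"][0]), "Web client"))
    webports = [int(p) for p in cli["webports"]]
    if len(webports) != 2 or 0 in webports:  # 0 means randomly assigned ports
        problems.append("webports is 0 or incomplete: ports are assigned at random")
    else:
        rules += [("to client", p, "Web client remote workstation") for p in webports]
    return rules, problems

# Constructed sample option files (not taken from the thread).
SERVER_OPT = "* dsmserv.opt (constructed)\nTCPPORT 1500\nTCPADMINPORT 1502\n"
CLIENT_OPT = "* dsm.opt (constructed)\ntcpport 1500\nwebports 0 0\n"

if __name__ == "__main__":
    rules, problems = firewall_plan(SERVER_OPT, CLIENT_OPT)
    for direction, port, purpose in rules:
        print(f"allow TCP {port:5d} {direction}: {purpose}")
    for p in problems:
        print("CHECK:", p)
```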