Veritas-bu

[Veritas-bu] Still Another Question on Firewalls, Ports and Security

2001-01-04 11:46:44
Subject: [Veritas-bu] Still Another Question on Firewalls, Ports and Security
From: Steve White stevew AT colltech DOT com
Date: Thu, 4 Jan 2001 08:46:44 -0800
Unfortunately, there is not.  It's been a while since I looked at 3.2
through a firewall, but I think that there was a way to limit the ports, but
it wasn't pretty.  Basically, I believe with 3.2, the ports were assigned
sequentially.  If not, then I believe you can use the setting
"RANDOM_PORTS=NO" in bp.conf to make it so.  Then you'd also set
ALLOW_NON_RESERVED_PORTS.  This then had NetBackup assign each client port
sequentially downward from 5000.  Then all you do is calculate the maximum
number of streams that you'll have active at any one time, and open that
many ports counting down from 5000.  Of course, you also have to open the
main control ports as well.

Steve White

-----Original Message-----
From: Dennis Dwyer [mailto:dfdwyer AT tecoenergy DOT com]
Sent: Thursday, January 04, 2001 8:36 AM
To: stevew AT colltech DOT com; veritas-bu AT mailman.eng.auburn DOT edu
Subject: RE: [Veritas-bu] Still Another Question on Firewalls, Ports and
Security


I suppose there is no similar feature for NBU 3.2? I'm planning the upgrade
to 3.4 later this year.

Quote: "Time is not a test of the truth"
Translation: Just because you've always done it that way, doesn't make it
right

Dennis F. Dwyer
Enterprise Storage Manager
Tampa Electric Company

(813) 225-5181  - Voice
(813) 275-3599  - FAX

Visit our corporate website at www.tecoenergy.com

>>> "Steve White" <stevew AT colltech DOT com> 01/04/01 11:31AM >>>
In version 3.4, you would use it in conjunction with the other bp.conf
settings "CLIENT_PORT_WINDOW" and "SERVER_PORT_WINDOW", which restrict the
port windows to a limited range.  You could also just use
"CLIENT_RESERVED_PORT_WINDOW" and "SERVER_RESERVED_PORT_WINDOW" without the
"ALLOW_NON_RESERVED_PORTS" setting.

Be careful though...you want to allow enough ports that you don't get too
many jobs running at one time and run out of available ports.

Steve White


-----Original Message-----
From: veritas-bu-admin AT Eng.Auburn DOT EDU
[mailto:veritas-bu-admin AT Eng.Auburn DOT EDU]On Behalf Of Dennis Dwyer
Sent: Thursday, January 04, 2001 7:35 AM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] Still Another Question on Firewalls, Ports and
Security


I think I'm pretty clear now on which ports have to be accommodated within
the firewall to allow NetBackup connections but there is still one question
floating around out there that begs answering ...

"Is there a way to limit which ports NetBackup will use (something less than
the complete 512 to 1024 range) thereby ensuring that a minimum number of
ports will have to be defined to the firewall software?"

My security guys are having a baby buffalo at the notion of allowing
NetBackup to have 512 ports available for use. I personally don't know if
that number is good or not nor if it represents a real security concern.
They are more interested in a total number of available ports being 25 - 50.
And oh by the way, they want to choose the range as well (i.e., 1000 - 1024).

Any information would be greatly appreciated. I suspect that if the answer
is "You can't do it that way" they'll set me up with the 512 - 1024 range.
But hey ... I gotta at least say I asked.

Regards,

Dennis

"Time is not a test of the truth"
Translation: Just because you've always done it that way, doesn't make it
right

Dennis F. Dwyer
Enterprise Storage Manager
Tampa Electric Company

(813) 225-5181  - Voice
(813) 275-3599  - FAX

Visit our corporate website at www.tecoenergy.com

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
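
An added example, not part of the thread and not Veritas code: sizing the firewall port window the way Steve White describes for 3.2 (one port per active stream, counting down from 5000) from a backup schedule, then checking it against the range the firewall team is willing to open. The schedule, the function names, the headroom parameter and the one-port-per-stream model are assumptions for illustration; the main control ports still have to be opened separately.

```python
from typing import Iterable, NamedTuple, Tuple

TOP_PORT = 5000  # per the thread: ports are assigned sequentially downward from 5000

class Stream(NamedTuple):
    name: str
    start: int  # minutes since midnight
    end: int    # exclusive

def peak_concurrency(streams: Iterable[Stream]) -> int:
    """Sweep-line count of the most streams active at any one moment."""
    events = []
    for s in streams:
        if s.end <= s.start:
            raise ValueError(f"{s.name}: end must be after start")
        events.append((s.start, 1))
        events.append((s.end, -1))
    # Assumption: a port freed at minute t can be reused by a stream starting
    # at t, so ends sort before starts. Use headroom if that is too optimistic.
    events.sort()
    active = peak = 0
    for _, delta in events:
        active += delta
        peak = max(peak, active)
    return peak

def port_window(peak: int, top: int = TOP_PORT, headroom: int = 0) -> Tuple[int, int]:
    """Inclusive (low, high) range of peak + headroom ports counting down from top."""
    needed = peak + headroom
    if needed < 1:
        raise ValueError("need at least one port")
    low = top - needed + 1
    if low < 1:
        raise ValueError("window runs below port 1")
    return low, top

def fits(allowed: Tuple[int, int], required: Tuple[int, int]) -> bool:
    """True if the firewall's allowed range covers the whole required window."""
    return allowed[0] <= required[0] and required[1] <= allowed[1]

# Constructed schedule, not taken from the thread.
SCHEDULE = [
    Stream("db01", 60, 240), Stream("db02", 90, 300),
    Stream("fs01", 120, 180), Stream("fs02", 180, 360),
    Stream("mail", 200, 260),
]

if __name__ == "__main__":
    need = port_window(peak_concurrency(SCHEDULE), headroom=2)
    print("open", need, "fits 4990-5000:", fits((4990, 5000), need))
```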