Veritas-bu

[Veritas-bu] backing up a firewall (not through it)

2001-03-23 11:49:46
Subject: [Veritas-bu] backing up a firewall (not through it)
From: John_Wang AT enron DOT net (John_Wang AT enron DOT net)
Date: Fri, 23 Mar 2001 10:49:46 -0600
Hello Tim

Try allowing the firewall to initiate an outgoing session to the media servers
from the clients targeting port 5000 (origination ports are probably
unprivileged ports).

I believe that the client will attempt to create a datastream to the media
servers using destination ports between 1025 and 5000 chosen at random but if
the RANDOM_PORTS setting is set to NO then it will start at 5000 and decrement
down for each concurrent data stream. So long as you have multi-streaming
disabled and RANDOM_PORTS set to NO then it will probably just use port 5000.

Of course the coordination ports that you've been playing with also need to be
open.

Regards,
John I Wang
Sr. Systems Engineer
Steverson Information Professionals

---
Enron Broadband Services
3 Allen Center 3AC872e
ph (713) 345-6863
pg pagejwang AT skytel DOT com





Tim.McMurphy@telus.com
03/22/01 06:43 PM

To: veritas-bu AT mailman.eng.auburn DOT edu
cc: (bcc: John Wang/Contractor/Enron Communications)
Subject: [Veritas-bu] backing up a firewall (not through it)



I have read through the mailing list on this one and have tried but don't
seem to be getting network connection with netbackup (I can ping ok from the
fw to the backup server).

Netbackup 3.4
error 41 network connection timed out

I am trying to back up a firewall, not through a firewall, just back up the
firewall. Of course the fw admins don't want to open up many ports. I have
the client installed on the firewall.

1) What is the minimum ports per fw to do a backup?

2) Here is the config. Will this work?
On the client (the firewall) I have in bp.conf
ALLOW_NON_RESERVED_PORTS
SERVER_PORT_WINDOW = 13740 13750
CLIENT_PORT_WINDOW = 13740 13750
RANDOM_PORTS = NO

On the backup server (master) I have this in bp.conf
ALLOW_NON_RESERVED_PORTS
SERVER_PORT_WINDOW = 13740 13750
CLIENT_PORT_WINDOW = 13740 13750
RANDOM_PORTS = NO

The firewall folks have allowed the following:
TCP on port 13782, 13720 & 13740 to 13750

I have tried most permutations of the above commands and I am obviously
missing something. Any ideas?

Thanks
_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
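
An added example, not part of either message and not Veritas code: it parses the client bp.conf quoted above, derives the outgoing data-stream destination ports the way the reply describes them (1025 to 5000 at random, or 5000 counting down per concurrent stream when RANDOM_PORTS is NO), and reports which of those the quoted firewall allowance does not cover. The port behaviour is taken from the reply as an assumption, and the function names are hypothetical.

```python
# Constructed inputs: the client bp.conf and the firewall allowance quoted in the thread.
BP_CONF = """\
ALLOW_NON_RESERVED_PORTS
SERVER_PORT_WINDOW = 13740 13750
CLIENT_PORT_WINDOW = 13740 13750
RANDOM_PORTS = NO
"""
ALLOWED_TCP = [(13782, 13782), (13720, 13720), (13740, 13750)]  # inclusive ranges


def parse_bp_conf(text):
    """Return {KEY: value}; a bare key with no '=' maps to an empty string."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        conf[key.strip().upper()] = value.strip()
    return conf


def expected_data_ports(conf, streams=1):
    """Destination port ranges as described in the reply (assumption, not vendor docs)."""
    if conf.get("RANDOM_PORTS", "YES").upper() == "NO":
        # Starts at 5000 and decrements once per concurrent data stream.
        return [(5000 - i, 5000 - i) for i in range(streams)]
    return [(1025, 5000)]


def uncovered(needed, allowed):
    """Return the sub-ranges of `needed` that no allowed range covers."""
    gaps = []
    for lo, hi in needed:
        port = lo  # lowest port not yet known to be covered
        for a_lo, a_hi in sorted(allowed):
            if a_hi < port or a_lo > hi:
                continue
            if a_lo > port:
                gaps.append((port, a_lo - 1))
            port = a_hi + 1
        if port <= hi:
            gaps.append((port, hi))
    return gaps


if __name__ == "__main__":
    conf = parse_bp_conf(BP_CONF)
    for streams in (1, 3):
        needed = expected_data_ports(conf, streams)
        print(streams, "stream(s), not covered:", uncovered(needed, ALLOWED_TCP))
```
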




