do you have one centrally located backup server? or multiple backup
servers, one per vlan? many people are doing hosting and other types of
customer transactions on internal servers, so I can see why people restrict
ports. people use nat quite a bit and hide nat behind the firewall or
double layer it.... firewall->router->then internal hosts.

my feeling is that unless you have tons of security concerns, network design
issues, customer data issues, you should be able to back up a firewall
without being too restrictive. the firewall also needs to be configured
correctly. if it allows packets that have source addr's that are internal
hitting its external interface, and they are allowed to pass.... the
firewall has real problems. I have seen people with issues like that, and I
can understand why they restrict internal servers heavily...
-----Original Message-----
From: Price, Michael [mailto:MPrice AT dantis DOT com]
Sent: Friday, March 23, 2001 1:30 PM
To: Chapman, Kyle; 'Tim.McMurphy AT telus DOT com'
Cc: 'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: RE: [Veritas-bu] backing up a firewall
We restrict ports internally because we have different customers on
different vlans.
-----Original Message-----
From: Chapman, Kyle [mailto:Kyle_Chapman AT G1 DOT com]
Sent: Friday, March 23, 2001 7:57 AM
To: 'Tim.McMurphy AT telus DOT com'
Cc: 'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: [Veritas-bu] backing up a firewall
is it firewall-1 you are trying to back up? we do that as well. I created a
rule on the firewall allowing access to the firewall itself by the NetBackup
server. I don't know why you would restrict ports if the host is internal
to the firewall, external is another story. if it is internal, and all your
rules are fine, you don't allow source-routing, you shouldn't have to
restrict ports.
KSC
301-918-0466
Network/Systems Engineer
www.g1.com <http://www.g1.com/>
Here is a really great OS
www.freebsd.org <http://www.freebsd.org/>
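
The thread's point that an address-based rule for the backup server is only as good as the firewall's handling of internal source addresses on its external interface and of source-routed packets, as an added example that is not part of the original messages. The addresses, interface names and packet record format are constructed assumptions; this models the logic only and is not FireWall-1 or NetBackup configuration.

```python
import ipaddress

# Constructed topology for this example; none of these values are from the thread.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
BACKUP_SERVER = ipaddress.ip_address("10.1.1.20")
FIREWALL_ADDR = ipaddress.ip_address("10.1.1.1")

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def evaluate(pkt, antispoof=True):
    """Verdict for one packet record: iface, src, dst, optional source_routed."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    # Source-routed packets let the sender dictate the path: never allowed.
    if pkt.get("source_routed"):
        return "drop: source-routed"
    # An internal source address cannot legitimately arrive from outside.
    if antispoof and pkt["iface"] == "external" and is_internal(src):
        return "drop: internal source on external interface"
    # Rule for the firewall itself: only the backup server, matched by address.
    if dst == FIREWALL_ADDR:
        if src == BACKUP_SERVER:
            return "accept: backup server to firewall"
        return "drop: not the backup server"
    return "pass: remaining rules decide"

# Constructed packet records (not captured traffic).
SAMPLE_PACKETS = [
    {"iface": "internal", "src": "10.1.1.20", "dst": "10.1.1.1"},
    {"iface": "external", "src": "10.1.1.20", "dst": "10.1.1.1"},
    {"iface": "internal", "src": "10.1.1.20", "dst": "10.1.1.1", "source_routed": True},
    {"iface": "internal", "src": "10.2.3.4", "dst": "10.1.1.1"},
    {"iface": "external", "src": "198.51.100.7", "dst": "10.5.5.5"},
]

def compare(packets):
    """Pair each packet's verdict with the check on and with it off."""
    return [(evaluate(p), evaluate(p, antispoof=False)) for p in packets]

if __name__ == "__main__":
    for pkt, (good, weak) in zip(SAMPLE_PACKETS, compare(SAMPLE_PACKETS)):
        flag = "  <-- differs" if good != weak else ""
        print(f'{pkt["iface"]:8} {pkt["src"]:13} on={good!r} off={weak!r}{flag}')
```

Only the second record changes verdict when the check is off: the same address-based backup rule then accepts a packet that arrived on the external interface.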