ADSM-L

Re: Backups through a firewall

2002-05-22 05:52:59
Subject: Re: Backups through a firewall
From: Hamish Marson <hamish AT TRAVELLINGKIWI DOT COM>
Date: Wed, 22 May 2002 10:51:09 +0100
Rick Harderwijk wrote:

Hi,

Wanda wrote:


All the firewall guy had to do was create a rule that allows TCP/IP traffic
through the firewall for port 1500 for the particular client address.

If you use SCHEDMODE PROMPTED, I believe you also have to enable port 1501.

If you want to use the web client to do TSM backups/restores remotely, that
uses port 1581.

All those ports are configurable, i.e., you can tell TSM client and server
to use different ports if you want


I would STRONGLY suggest to choose different ports. I believe there's a list
out there, I think it's through IANA (www.iana.org - somebody please confirm
that) that tells which port is 'registered'. Pick some free ports high up,
preferably not next to each other (I would go pick like 7492, 9816 and 9752 -
handpicked these :) ). Wouldn't want some h*cker discovering you're using
1234 with some sec hole somewhere and let him just try 1235 and 1236, now
would we?


There's not a great deal of advantage to using non-standard ports, and
it just confuses things... Any good firewall (And firewall admin) will
only open up the traffic between the client and the tsm server anyway. So
a hacker would have to be on one of those boxes first in order to do
anything (Discounting forged packets here that should be denied at your
ISP link anyway) through that port.
Plus any hacker worth their salt will probably port scan you anyway (And
lots of script kiddies do it just to see). So if your rule ISN'T tight,
it doesn't matter what port you put it on...


But hey, waddah I know, it's just my $.02 - maybe I'm wrong. At least
someone on the list will tell you, and you'll never forget (and neither will
I).

Regards,

Rick




--
I don't suffer from Insanity...         | Linux User #16396
       I enjoy every minute of it...   |
                                       |
http://www.travellingkiwi.com/          |
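
Added example, not part of the original messages: a rule audit that checks the point made in the reply above, namely that what matters is whether each rule is pinned to the client and the TSM server, not which port number is used. It assumes the rules are in iptables-save format (the thread names no firewall product), handles single-port rules only, and uses constructed addresses from documentation ranges.

```python
import ipaddress
import shlex

# Default TSM ports named in the thread: 1500 (client to server),
# 1501 (SCHEDMODE PROMPTED) and 1581 (web client).
TSM_PORTS = {1500, 1501, 1581}

# Constructed iptables-save excerpt; hosts and networks are made up.
SAMPLE = """\
# constructed sample, not taken from a real firewall
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.0.2.10/32 -d 198.51.100.5/32 -p tcp -m tcp --dport 1500 -j ACCEPT
-A FORWARD -s 198.51.100.5/32 -d 192.0.2.10/32 -p tcp -m tcp --dport 1501 -j ACCEPT
-A FORWARD -d 198.51.100.5/32 -p tcp -m tcp --dport 7492 -j ACCEPT
-A FORWARD -s 192.0.2.0/24 -d 198.51.100.5/32 -p tcp -m tcp --dport 1581 -j ACCEPT
COMMIT
"""

def is_single_host(value):
    """True when value is exactly one address (bare IP, /32 or /128)."""
    if value is None:
        return False
    try:
        return ipaddress.ip_network(value, strict=False).num_addresses == 1
    except ValueError:
        return False

def audit_rules(rules_text, ports=TSM_PORTS):
    """Return (line_number, rule, reason) for ACCEPT rules on the backup
    ports that are not pinned to one source and one destination host."""
    findings = []
    for number, line in enumerate(rules_text.splitlines(), start=1):
        tokens = shlex.split(line, comments=True)
        if not tokens or tokens[0] != "-A":
            continue  # table headers, chain policies, COMMIT, comments
        opts = {}
        for i, tok in enumerate(tokens[:-1]):
            if tok in ("-s", "-d", "-j", "--dport"):
                opts[tok] = tokens[i + 1]
        # Port ranges (1500:1501) are out of scope for this example.
        if opts.get("-j") != "ACCEPT" or not opts.get("--dport", "").isdigit():
            continue
        if int(opts["--dport"]) not in ports:
            continue
        for flag, label in (("-s", "source"), ("-d", "destination")):
            if not is_single_host(opts.get(flag)):
                findings.append((number, line.strip(), f"{label} is not a single host"))
    return findings
```

Calling `audit_rules(SAMPLE, ports={7492})` flags the rule on the relocated port because it accepts any source, while the host-to-host rules on the default ports 1500 and 1501 pass.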