Networker
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Networker] NetWorker and Firewalls

2003-09-23 05:41:08
Subject: Re: [Networker] NetWorker and Firewalls
From: Paul Brears <paul AT IFL DOT NET>
To: NETWORKER AT LISTMAIL.TEMPLE DOT EDU
Date: Tue, 23 Sep 2003 10:30:23 +0100 
We have much the same situation.  As well as the open port ranges, that are 
configurable, there is
one additional problem.
The networker server will have an open TCP connection with the storage node for 
each tape drive.
These TCP sessions are idle unless the tape is being used so during the average 
day these have
nothing going down them.
Most satefull firewalls have a time limit on idle TCP connections and will 
close these sessions (in
the case of Cisco CBAC sending a TCP reset to both hosts after an hour)
When Legato attempts to then use these tcp session it expects it to be open, if 
it isn't the
Networker server will crash claiming it can't find any media in the media index.
There is a code fix for this but we've not tried it. Instead we configured tcp 
keep alives on the
backup server and we've not seen the problem since. (We did this before we got 
the code fix and
we're reasonably happy with the keepalives)
These problems were seen with 6.1.1 on Win2K SP3.

http://support.microsoft.com/default.aspx?scid=KB;en-us;q120642

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/network/deploy/depovg/tcpip2k.asp

http://listmail.temple.edu/scripts/wa.exe?A2=ind0207&L=networker&P=R23861&I=-3&X=122E6D166C225D1EC8

Another article on this list I found useful:


Paul

----- Original Message -----
From: "Neild, Jim" <Jim.Neild AT SSHA.ON DOT CA>
To: <NETWORKER AT LISTMAIL.TEMPLE DOT EDU>
Sent: Monday, September 22, 2003 8:23 PM
Subject: [Networker] NetWorker and Firewalls


I have a NetWorker server running in VLAN 1 which is protected by a
firewall and I want to have a Storage Node sitting in VLAN 2, also
behind a firewall.  The Storage Node will backup servers that are on the
VLAN 2 only and will send metadata (indexes, etc.) through the firewalls
to the NetWorker server in VLAN 1.

I have read the section on firewalls in the doco and it all appears as
though it assumes that the communication through the firewall will be
between client and Storage Node, not Storage Node and NetWorker Server.

Has anyone built this configuration and what ports did you have to open?
What formula did you use to figure out the required range?  Did you use
any of the sections of the NW Admin guide?

Any help/advice would be appreciated.  TIA.

Cheers,
Jim

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Networker] Linux File Size limitation, iykim
Next by Date:  Re: [Networker] restoring file index for expired rention and browse policy., Davina Treiber
Previous by Thread:  [Networker] NetWorker and Firewalls, Neild, Jim
Next by Thread:  Re: [Networker] NetWorker and Firewalls, Howard Martin
Indexes:  [Date] [Thread] [Top] [All Lists]