Networker

Re: [Networker] Legato firewall question

2004-01-27 03:53:46
Subject: Re: [Networker] Legato firewall question
From: Paul Brears <paul AT IFL DOT NET>
To: NETWORKER AT LISTMAIL.TEMPLE DOT EDU
Date: Tue, 27 Jan 2004 08:53:36 -0000
We backup trough Checkpoint Firewall 1 in several locations and it does work 
BUT you'll run into a
problem in the way Legato connects the storeagenode to the backup servers.

The networker server will have an open TCP connection with the storage node for 
each tape drive.
These TCP sessions are idle unless the tape is being used so during the average 
day these have
nothing going down them.
Most satefull firewalls have a time limit on idle TCP connections and will 
close these sessions (in
the case of Cisco CBAC sending a TCP reset to both hosts after an hour)
When Legato attempts to then use these tcp session it expects it to be open, if 
it isn't the
Networker server will crash claiming it can't find any media in the media index.
There is a code fix for this but we've not tried it. Instead we configured tcp 
keep alives on the
backup server and we've not seen the problem since. (We did this before we got 
the code fix and
we're reasonably happy with the keepalives)
These problems were seen with 6.1.1 on Win2K SP3.


http://support.microsoft.com/default.aspx?scid=KB;en-us;q120642

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/network/deploy/depovg/tcpip2k.asp
Paul

----- Original Message -----
From: "Stan Horwitz" <stan AT TEMPLE DOT EDU>
To: <NETWORKER AT LISTMAIL.TEMPLE DOT EDU>
Sent: Tuesday, January 27, 2004 3:58 AM
Subject: Re: [Networker] Legato firewall question


On Mon, 26 Jan 2004, Pat OBrien wrote:

>What is known about legato 6.1X and firewalls.  I am designing a new
>site, and planing on utilizing a storage node there which will connect to
>one of my legato servers via a firewall.  I have attempted to use the
>legato procedure to backup a client through a checkpoint firewall to no
>avail.  I am discovering some are having better success if using a packet
>type firewall instead of a statefull inspection firewall.  Experience
>good or bad invited.

That may be your problem. I think NetWorker only supports backups
through packet filter type firewalls.

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=