Networker

Re: [Networker] Legato firewall question

2004-01-30 14:26:57
Subject: Re: [Networker] Legato firewall question
From: Chad Smykay <csmykay AT RACKSPACE DOT COM>
To: NETWORKER AT LISTMAIL.TEMPLE DOT EDU
Date: Fri, 30 Jan 2004 13:26:34 -0600
I read that they have reduced the amount of ports needed with 7.1
originally.  Of course from talking with different people with Legato this
did not get into the build.  But I do believe it is on there roadmap for
this year.


Chad Smykay, RHCE, LCNA
Systems Storage Administrator
Rackspace Managed Hosting (TM)
210-892-4025 ext 1603
Cell: 210-273-2344

-----Original Message-----
From: Legato NetWorker discussion [mailto:NETWORKER AT LISTMAIL.TEMPLE DOT EDU] 
On
Behalf Of Kenneth Larsen
Sent: Friday, January 30, 2004 1:11 PM
To: NETWORKER AT LISTMAIL.TEMPLE DOT EDU
Subject: Re: [Networker] Legato firewall question

The legato through a firewall has been up quite a few times. And proberly
will continue to be so until legato makes a smooth solution.
But until then, I think the easiest way is to make a VPN tunnel trough the
firewall and only allow legato to use it. It may cost a bit more in hardware
but most firewall admins will problerly like that solution better than
having to open the ports required for legato make make it work.

Before the backup starts you open the tunnel from the server, and when its
all done you close it down again, for optimal security. Ofcause you will
have to open the tunnel to make recoveries etc.

I have heard though that legato is working on this firewall issue, and
perhaps we will see something soon....

**************************************************
Med venlig hilsen / Regards
Kenneth Larsen
Steria
Tonsbakken 16-18
2740 Skovlunde
kel AT steria DOT dk - 44506261 - 26306261
**************************************************
With a revenue of 1.018bn Euro and more than 8,000 employees, Steria is one
of the top ten IT services companies in Europe.
Steria Denmarks ambition is to reach a yearly growth of 20% in the coming
3 years. Our focus expertise is in:  e-Business, e-Government, Outsourcing,
Infrastructure, CRM and Workflow.




Mariusz Zielinski <mzielinski AT WP-SA DOT PL>
Sent by: Legato NetWorker discussion <NETWORKER AT LISTMAIL.TEMPLE DOT EDU>
27-01-2004 14:35
Please respond to Legato NetWorker discussion; Please respond to Mariusz
Zielinski

        To:     NETWORKER AT LISTMAIL.TEMPLE DOT EDU
        cc:
        Subject:        Re: [Networker] Legato firewall question


On Tuesday 27 of January 2004 04:58, Stan Horwitz wrote:
[...]
> That may be your problem. I think NetWorker only supports backups
> through packet filter type firewalls.

It all depends on firewall configuration. Though networker has poor (if it
can be called so) firewall support. It uses tons of TPC/IP ports, rpc as
core communication mechanism,client connects to server even if is backed up
by storage node and so on ...
Only thing that you can configure is high port range that networker
negotiates using rpc.
So you shouldn't really use networker through firewall. In my opinion
networker requirements are blasting big hole in firewall.

I may be wrong so please comment on it.

--
Mariusz Zielinski

--
Note: To sign off this list, send a "signoff networker" command via email to
listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can also view
and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=


--
Note: To sign off this list, send a "signoff networker" command via email to
listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can also view
and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=