[Veritas-bu] connecting to bpcd through a Checkpoint 4.x Firewall on Solaris
2001-01-25 07:56:06
Subject: |
[Veritas-bu] connecting to bpcd through a Checkpoint 4.x Firewall on Solaris |
From: |
Dennis Dwyer dfdwyer AT tecoenergy DOT com |
Date: |
Thu, 25 Jan 2001 07:56:06 -0500 |
Dana,
I recently went through the same process of trying to get my NetBackup Master
server to be able to backup up several servers in my DMZ and relied heavily on
information received from this group to achieve this. Be sure you look through
the veritas-bu list server archives. There is also a Veritas Technote (187321
dated July 26, 2000) you should try to get that talks about allowing port
access through your firewall and all that. I found it very comforting that the
document started out "NetBackup is not designed to support backups through a
firewall" but I got it to work anyway. You'll also have to work with your
network guys (if you're not a network person) to add static routes (persistent
routes in NT land) from the clients through the appropriate firewall port to
your NetBackup server address. Your security folks that maintain the firewall
will also have to allow usage of ports 512 - 1024 by NetBackup and its clients.
I can't tell you all the particulars because I only know enough network stuff
to ask the right questions.
I am running NetBackup 3.2GA on a Sun 450 running Solaris 2.6
Hope all or part of this epistle has been helpful.
Regards,
Dennis
Quote: "Time is not a test of the truth"
Translation: Just because you've always done it that way, doesn't make it right
Dennis F. Dwyer
Enterprise Storage Manager
Tampa Electric Company
(813) 225-5181 - Voice
(813) 275-3599 - FAX
Visit our corporate website at www.tecoenergy.com
>>> Dana Bourgeois <Dana AT slamdunknetworks DOT com> 01/24/01 05:03PM >>>
I have a lot of experience with Legato but little with Veritas. I have an
application server in my DMZ. We use NAT. Netbackup Datacenter 3.4,
Solaris 2.6. I can trace the bpcd on the client in the DMZ and watch it
fail. It is trying to bind a port on the firewall rather than communicate
through to the master (how it would do that I don't know because I've never
seen a successful gateway trace). It knows about the master - I can see it
read all the config files and resolve the master's IP address successfully.
I am installing the latest patch - J0850559 - on the server and client and
will see if that fixes this problem. While I am doing that, does anyone
have a similar problem they have solved? Any ideas?
Dana Bourgeois
Slam Dunk Networks
Digital Mechanic & Network Janitor
1.650.632-5543
1.650.996-5687 [cell]
_______________________________________________
Veritas-bu maillist - Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
|
|
|