We've gone firewall-mad over the last couple of years and now pretty
much all of our clients are behind at least one firewall from the
perspective of the NetBackup servers.  In general we open ports 13782,
13724 and 13720 in both directions, to make life simpler.  This can be
reduced so that only 13782 is open from the DMZ - which is what we do
for clients in the "real" DMZ.  Set the clients to use vnetd, in the
clients tab of the master server properties (or use bpclient).
 
We do occasionally have connection errors and currently have a big issue
in our NB 5.1 MP5 environment, with frequent but irregular "hanging
backups", where the backup has apparently completed but hangs at 99% or
100%.  Seems to be because the final call from the client back to bpbrm
is not being received by the media server.  Seems to be something in our
environment but we are in the process of trying to prove this between
Symantec and our Network support team.
 
Also in some cases have firewalls between media/master servers which is
a whole new problem...
 
Phil Weber 
Business Technology (Egg) 
Storage Technical Services - Senior UNIX Technologist 

-----Original Message-----
From: veritas-bu-bounces at mailman.eng.auburn.edu
[mailto:veritas-bu-bounces at mailman.eng.auburn.edu] On Behalf Of Hindle,
Greg
Sent: 18 December 2006 13:06
To: NB List Mail
Subject: [Veritas-bu] Firewall setup



Nb 5.0 mp6 Solaris 9 

We have a DMZ zone setup that has 10 servers in it. We back up these
servers through our firewall. We occasionally get connection errors. I
would like to know if anyone else out there would be interested in
sharing their setup, port ranges etc on how they backup servers through
a firewall.  We currently do not use the firewall section in the host
properties and I am thinking that maybe I should be adding the servers
that are on the other side of the firewall to this tab.


Greg 

>>> This e-mail and any attachments are confidential, may contain legal,

professional or other privileged information, and are intended solely
for the

addressee.  If you are not the intended recipient, do not use the
information

in this e-mail in any way, delete this e-mail and notify the sender.
CEG-IP2




-----------------------------------------
Egg is a trading name of the Egg group of companies which includes:
Egg plc (reg no 2448340), Egg Financial Intermediation Ltd (reg no
3828289), and Egg Banking plc (reg no 2999842). Egg Banking plc and
Egg Financial Intermediation Ltd are authorised and regulated by
the Financial Services Authority (FSA) and are entered in the FSA
register under numbers 205621 and 309551 respectively. These
members of the Egg group are registered in England and Wales.
Registered office: Laurence Pountney Hill, London EC4R 0HH. 

This e-mail is confidential and for use by the addressee only. If
you are not the intended recipient of this e-mail and have received
it in error, please return the message to the sender by replying to
it and then delete it from your mailbox. Internet e-mails are not
necessarily secure. The Egg group of companies do not accept
responsibility for changes made to this message after it was sent.


Whilst all reasonable care has been taken to avoid the transmission
of viruses, it is the responsibility of the recipient to ensure
that the onward transmission, opening or use of this message and
any attachments will not adversely affect its systems or data. No
responsibility is accepted by the Egg group of companies in this
regard and the recipient should carry out such virus and other
checks as it considers appropriate.

This communication does not create or modify any contract.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
http://mailman.eng.auburn.edu/pipermail/veritas-bu/attachments/20061218/e3c9274d/attachment.html