|
[Veritas-bu] Firewall setup
2006-12-18 10:48:19
|
Subject: |
[Veritas-bu] Firewall setup |
|
From: |
pkeating at bank-banque-canada.ca (Paul Keating) |
|
Date: |
Mon, 18 Dec 2006 10:48:19 -0500 |
You've pretty much described my env also.
as for your backups that hang at 99 or 100%, have your network guys
inspect their FW logs for "drops" with a message like "SYN ACK recieved
out of order" or something along those lines.
it's probably because your firewall session timeout has expired.
Paul
--
-----Original Message-----
From: veritas-bu-bounces at mailman.eng.auburn.edu
[mailto:veritas-bu-bounces at mailman.eng.auburn.edu] On Behalf Of Weber,
Philip
Sent: December 18, 2006 10:38 AM
To: NB List Mail
Subject: Re: [Veritas-bu] Firewall setup
We've gone firewall-mad over the last couple of years and now
pretty much all of our clients are behind at least one firewall from the
perspective of the NetBackup servers. In general we open ports 13782,
13724 and 13720 in both directions, to make life simpler. This can be
reduced so that only 13782 is open from the DMZ - which is what we do
for clients in the "real" DMZ. Set the clients to use vnetd, in the
clients tab of the master server properties (or use bpclient).
We do occasionally have connection errors and currently have a
big issue in our NB 5.1 MP5 environment, with frequent but irregular
"hanging backups", where the backup has apparently completed but hangs
at 99% or 100%. Seems to be because the final call from the client back
to bpbrm is not being received by the media server. Seems to be
something in our environment but we are in the process of trying to
prove this between Symantec and our Network support team.
Also in some cases have firewalls between media/master servers
which is a whole new problem...
====================================================================================
La version fran?aise suit le texte anglais.
------------------------------------------------------------------------------------
This email may contain privileged and/or confidential information, and the Bank
of
Canada does not waive any related rights. Any distribution, use, or copying of
this
email or the information it contains by other than the intended recipient is
unauthorized. If you received this email in error please delete it immediately
from
your system and notify the sender promptly by email that you have done so.
------------------------------------------------------------------------------------
Le pr?sent courriel peut contenir de l'information privil?gi?e ou
confidentielle.
La Banque du Canada ne renonce pas aux droits qui s'y rapportent. Toute
diffusion,
utilisation ou copie de ce courriel ou des renseignements qu'il contient par une
personne autre que le ou les destinataires d?sign?s est interdite. Si vous
recevez
ce courriel par erreur, veuillez le supprimer imm?diatement et envoyer sans
d?lai ?
l'exp?diteur un message ?lectronique pour l'aviser que vous avez ?limin? de
votre
ordinateur toute copie du courriel re?u.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://mailman.eng.auburn.edu/pipermail/veritas-bu/attachments/20061218/15d1c567/attachment.html
|
|
|
