Configuring a Firewall Between a File Server and MediaAgent

When the file server and MediaAgent are separated by a firewall, you can use the following procedure to define the ports for transferring data between the two machines.

Before You Begin

Ensure the port for the NDMP control connection is open in the firewall. The port for the NDMP control connection is set when adding an NDMP agent.

Note: Typically, port 10000 is used for the NDMP control connection. If the file server has been configured to use a different port number, then you must configure the NDMP Agent under the NAS client to use that port number. Also, each MediaAgent that runs jobs or is used for configuring the file server must be able to connect to this file server on the configured NDMP control connection port.

To view or change the port used for the NDMP control connection of a NAS client:

  1. In the CommCell Browser, click to expand the NAS client, right-click the NDMP agent, and then click Properties.
  2. Click NDMP Properties.
  3. Change the value of Listen Port and then click OK.


If file servers are backed up to a MediaAgent library (such as a disk library or a SAN-attached tape library), then a range of ports must be open on the MediaAgent to receive the incoming data connections from the file servers.

  • UNIX MediaAgents: The number of open ports must be greater than or equal to the combined number of parallel NDMP data streams expected on the MediaAgent.
  • Microsoft Windows MediaAgents: We recommend that the number of open ports be greater than or equal to the combined number of parallel NDMP data streams expected on the MediaAgent. (However, if needed, you can have fewer open ports than the combined number of parallel streams because ports free up quickly after the data connection is established.)

For example, if two NDMP subclients use the same MediaAgent at the same time, and each subclient is configured to use four data readers, then configure at least eight open incoming ports on the MediaAgent.
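
The sizing rule above can be checked before the firewall change is requested. The following is an added example, not part of the original page or of the product: it merges the planned From/To ranges (so overlapping entries are not counted twice), counts the open ports, and compares the total with the combined data readers, treating a shortfall as an error on UNIX and a warning on Windows. The function names and port numbers are constructed for illustration.

```python
# Added example: function names and the sample port numbers are constructed
# for illustration; this is not a Commvault API.

def merge_ranges(ranges):
    """Merge overlapping or adjacent inclusive (start, end) port ranges."""
    merged = []
    for start, end in sorted(ranges):
        if not (1 <= start <= end <= 65535):
            raise ValueError(f"invalid port range {start}-{end}")
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def check_incoming_ports(ranges, readers_per_subclient, os_family):
    """Compare open incoming ports with the expected parallel NDMP streams.

    ranges: (From, To) pairs as entered under Incoming Ports.
    readers_per_subclient: data readers of each subclient that can run
        at the same time on this MediaAgent.
    os_family: "unix" or "windows".
    """
    if os_family not in ("unix", "windows"):
        raise ValueError("os_family must be 'unix' or 'windows'")
    merged = merge_ranges(ranges)
    open_ports = sum(end - start + 1 for start, end in merged)
    streams = sum(readers_per_subclient)
    if open_ports >= streams:
        status = "ok"
    elif os_family == "unix":
        status = "error"      # UNIX: the count must cover every stream
    else:
        status = "warning"    # Windows: recommended, fewer can still work
    return {"ranges": merged, "open_ports": open_ports, "streams": streams,
            "surplus": open_ports - streams, "status": status}

if __name__ == "__main__":
    # Two subclients with four data readers each, as in the example above.
    readers = [4, 4]
    print(check_incoming_ports([(8600, 8603), (8602, 8607)], readers, "unix"))
    print(check_incoming_ports([(8600, 8605)], readers, "unix"))
    print(check_incoming_ports([(8600, 8605)], readers, "windows"))
```

The surplus value shows how many ports are open beyond the expected stream count, which helps keep the firewall rule no wider than the workload needs.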


  1. In the CommCell Browser, expand Storage Resources > MediaAgents.
  2. Right-click the MediaAgent associated with the storage policy used for backups of the file server, and then click Properties.
  3. Click Network.
  4. Click Network Route Configuration > Incoming Ports.
  5. In the From and To boxes, click to select the range of port numbers that you want to allow and then click Add.

    The specified port ranges appear in the Additional Open Ports box.

  6. To specify more ports, select a new range of port numbers and then click Add.
  7. When you are finished adding ports, click OK.
  8. In the CommCell Browser, right-click the same MediaAgent, point to All Tasks, and then click Push Network Configuration.

The specified ports are pushed to the MediaAgent and used to transfer data between the MediaAgent and file server.

Last modified: 10/12/2018 5:12:40 PM