Customizing the Data Protector Environment
Firewall Support
Chapter 11 529
NOTE The OB2PORTRANGE variable only applies to dynamically allocated ports.
It does not affect the usage of the default Data Protector port number
5555.
Defining a port range for the Data Protector processes limits the port
usage of Data Protector. It does not prevent other applications from
allocating ports from this range as well.
For a Specific Data
Protector Agent
In many cases it is not required that all Data Protector agents
communicate across a firewall. For example, one specific agent can be
outside a firewall, while all other components are inside of it. In such
environments it is useful to limit the range of port numbers only for the
specific agent. This allows you to define a much smaller port range and
so reduce the need of open ports through the firewall.
You can limit the port range on a system on which a specific agent runs
by using the OB2PORTRANGESPEC variable in the omnirc file:
OB2PORTRANGESPEC=<AGENT>:<start_port>-<end_port>;...
All agent processes check the OB2PORTRANGESPEC for range restrictions.
If there is a range defined for an agent process, all dynamically allocated
ports select from this specified range. The port range is allocated by
taking the first available port, starting with port "start_port". If there is
no available port within the specified range, the port allocation fails and
the requested operation is not done. See “Examples of Configuring Data
Protector in Firewall Environments” on page 535 for information on how
to calculate the required range of port numbers.