Filter
Top Products
Customizing the Data Protector Environment
Firewall Support
Chapter 11 533
When writing the firewall configuration rules, the process in the first
column must be able to accept new TCP connections (SYN bit set) on the
ports defined in the second column, from the process listed in the third
column.
In addition, the process listed in the first column must be able to reply to
the process in the third column on the existing TCP connection (SYN bit
not set).
For example, the Inet process on a Media Agent system must be able to
accept new TCP connections from the Cell Manager on port 5555. The
Media Agent must be able to reply to the Cell Manager using the existing
TCP connection. It is not required that the Media Agent is capable of
opening a TCP connection.
The following table provides a list of all Data Protector components. The
first two columns list all applicable connecting processes, while the last
two columns list the process identifiers and their listen ports. Processes
that do not initiate connections are not listed (for example, Inet).
Application Host
Inet 5555 xSM
N/A
a
Application Agent Does not accept connections
a. The source port of a connection is always assigned by
the operating system and cannot be limited to a specific
range.
b. Only for backup sessions with the reconnect feature
enabled. The Disk Agent and the Media Agent
communicate with the Cell Manager using the existing
TCP connection. The connection in this column is only
established after the original connection is broken.
Table 11-2
Listening Component Connecting Component
Process Port Process Source Port