Customizing the Data Protector Environment
Firewall Support
✓ Allow connections from the CM system to port 5555 on the MA
system
This table also shows that the Media Agent needs to accept
connections from the Disk Agent. However, since these two agents do
not communicate through the firewall, you do not need to define a
firewall rule for them.
2. See also Table 11-3 for the Disk Agent and Media Agent.
This table also shows that both agents may connect to the Session
Manager and that the Media Agent may need to connect to a utility
Media Agent (UMA). However, this only occurs when shared tape
libraries are used or the Reconnect broken connections option is
enabled. See “Backup Specification Options” on page 236 for
information on this option.
Port Range Settings
Since all connections that need to go through the firewall connect to the
fixed port number 5555, you do not need to define OB2PORTRANGE or
OB2PORTRANGESPEC variables in this environment.
Limitations
• Remote installation of clients across the firewall is not supported.
You need to install clients locally in the DMZ.
• This cell can back up clients in the DMZ, as well as clients in the
intranet. However, each group of clients must be backed up to devices
configured on clients that are on the same side of the firewall.
IMPORTANT
If your firewall does not restrict connections from the intranet to the
DMZ, it is possible to back up clients in the intranet to devices
configured on clients in the DMZ. However, this is not recommended, as
the data backed up in this way becomes more vulnerable.
• If a device in the DMZ has robotics configured on a separate client,
this client must also be in the DMZ.
• This setup does not allow the backup of databases or applications
using Application Agents on the clients in the DMZ. For details on
Application Agents in the DMZ, refer to “Example 4: Application
Agent and Media Agent Installed Outside, Other Components
Installed Inside a Firewall” on page 543.
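The placement limitations above can be checked against an inventory before backup specifications are deployed. The following is an added example, not part of the original manual or of Data Protector; the inventory model, host names, and zone labels are hypothetical and constructed for illustration.

```python
# Added example; the inventory model below is hypothetical and is not a
# Data Protector file format or API. Host names are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Device:
    name: str
    media_agent: str                       # client hosting the Media Agent
    robotics_client: Optional[str] = None  # separate robotics client, if any

@dataclass(frozen=True)
class BackupSpec:
    name: str
    disk_agent: str  # client whose data is backed up
    device: str      # name of the target Device

def audit(zones, devices, specs):
    """Return (object name, finding) pairs for placements the limitations rule out."""
    findings = []
    by_name = {d.name: d for d in devices}
    for d in devices:
        # Robotics for a DMZ device must be controlled from a DMZ client.
        if (zones[d.media_agent] == "dmz" and d.robotics_client
                and zones[d.robotics_client] != "dmz"):
            findings.append((d.name, "robotics client is not in the DMZ"))
    for s in specs:
        da = zones[s.disk_agent]
        ma = zones[by_name[s.device].media_agent]
        if da == ma:
            continue  # same side: DA-to-MA traffic never crosses the firewall
        if da == "intranet":
            # Works only if the firewall leaves intranet-to-DMZ traffic open.
            findings.append((s.name, "intranet data on DMZ device: not recommended"))
        else:
            findings.append((s.name, "DMZ client backed up to intranet device"))
    return findings

# Constructed sample inventory.
ZONES = {"web1": "dmz", "tape-dmz": "dmz", "file1": "intranet", "tape-int": "intranet"}
DEVICES = [Device("lib_dmz", "tape-dmz", robotics_client="tape-int"),
           Device("lib_int", "tape-int")]
SPECS = [BackupSpec("web_ok", "web1", "lib_dmz"),
         BackupSpec("web_bad", "web1", "lib_int"),
         BackupSpec("file_risky", "file1", "lib_dmz"),
         BackupSpec("file_ok", "file1", "lib_int")]

if __name__ == "__main__":
    for name, finding in audit(ZONES, DEVICES, SPECS):
        print(f"{name}: {finding}")
```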