HP (Hewlett-Packard) B6960-90078 Computer Drive User Manual


 
Customizing the Data Protector Environment
Firewall Support
1. In order to determine which processes need to communicate across the firewall, see Table 11-2 (Disk Agent column). It shows that the Disk Agent needs to accept connections from the Session Manager on port 5555. This leads to the following rule for the firewall:

   Allow connections from the CM system to port 5555 on the DA system

2. See also Table 11-3 for the Disk Agent. It shows that the Disk Agent connects to a dynamically allocated port on the Media Agent. Since you do not want to open the firewall for communication between the Disk and Media Agent in general, you need to limit the range of ports from which the Media Agent can allocate a listen port.

   See Table 11-1 for the port consumption of the Media Agent. The Media Agent requires only one port per running Media Agent. For example, if you have four tape devices connected, you may have four Media Agents running in parallel. This means that you need at least four ports available. However, since other processes may allocate ports from this range as well, you should specify a range of about ten ports on the MA system:

   OB2PORTRANGESPEC=xMA-NET:18000-18009

   This leads to the following firewall rule for the communication with the Media Agent:

   Allow connections from the DA system to port 18000-18009 on the MA system

   NOTE This rule allows connections from the DMZ to the intranet, which is a potential security risk.

3. Table 11-3 also shows that the Disk Agent needs to connect to the Session Manager (BSM/RSM) when the Reconnect broken connections option is enabled. You can specify a required port range on the CM system analogous to the previous item.

   OB2PORTRANGESPEC=xSM:20100-20199
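
The three steps above can be checked as a default-deny rule set. The following is an added example, not part of the HP manual or of Data Protector: it parses the two OB2PORTRANGESPEC lines shown above, verifies that the Media Agent range covers the number of parallel Media Agents, and tests candidate connections against the resulting rules. The function names and the Rule type are hypothetical; CM, DA and MA are the system labels used in the text.

```python
import re
from typing import NamedTuple

class Rule(NamedTuple):
    src: str   # system opening the connection
    dst: str   # system that listens
    lo: int
    hi: int

def parse_portrange(line: str) -> tuple[str, int, int]:
    """Parse one 'OB2PORTRANGESPEC=<process>:<first>-<last>' line, the form shown above."""
    m = re.fullmatch(r"OB2PORTRANGESPEC=([\w-]+):(\d+)-(\d+)", line.strip())
    if not m:
        raise ValueError(f"unrecognised spec: {line!r}")
    lo, hi = int(m.group(2)), int(m.group(3))
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port range {lo}-{hi}")
    return m.group(1), lo, hi

def build_rules(ma_spec: str, sm_spec: str, media_agents: int, reconnect: bool) -> list[Rule]:
    """Return the only flows the firewall should pass; everything else is denied."""
    _, ma_lo, ma_hi = parse_portrange(ma_spec)
    if ma_hi - ma_lo + 1 < media_agents:
        raise ValueError("MA port range is smaller than the number of parallel Media Agents")
    rules = [Rule("CM", "DA", 5555, 5555),      # step 1: Session Manager -> Disk Agent
             Rule("DA", "MA", ma_lo, ma_hi)]    # step 2: Disk Agent -> Media Agent (DMZ -> intranet)
    if reconnect:                               # step 3: only with "Reconnect broken connections"
        _, sm_lo, sm_hi = parse_portrange(sm_spec)
        rules.append(Rule("DA", "CM", sm_lo, sm_hi))
    return rules

def allowed(rules: list[Rule], src: str, dst: str, port: int) -> bool:
    """Default-deny check: a connection passes only if an explicit rule covers it."""
    return any(r.src == src and r.dst == dst and r.lo <= port <= r.hi for r in rules)

MA_SPEC = "OB2PORTRANGESPEC=xMA-NET:18000-18009"
SM_SPEC = "OB2PORTRANGESPEC=xSM:20100-20199"
RULES = build_rules(MA_SPEC, SM_SPEC, media_agents=4, reconnect=True)

if __name__ == "__main__":
    for r in RULES:
        ports = str(r.lo) if r.lo == r.hi else f"{r.lo}-{r.hi}"
        print(f"allow {r.src} -> {r.dst} port {ports}")
    # Constructed probes: one port past the MA range, and the reverse direction.
    print(allowed(RULES, "DA", "MA", 18010), allowed(RULES, "MA", "DA", 18000))
```

With reconnect=False the DA-to-CM range is left closed, so the firewall is opened toward the Cell Manager only when the Reconnect broken connections option is actually in use.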