-
Title
VaultOS Firewall port range -
Description
Date: 08/07
Affected NV Version: All
OS Version: All supported VaultDR Server platforms.
Plug-in version: VaultOS 3.6 and later
Application version: N/A
Description:
Which ports will need to be unblocked to backup a VaultDR Offline (Intel x86) client through a firewall?
Symptoms:
VaultDR Offline (Intel x86) clients can not be backed up through a firewall.
Reason:
NetVault uses different ports when backing up and restoring with the VaultDR Offline plugin than when it runs regular backups and restores of a client.
Outgoing connections are not necessarily initiated from the same ports than incoming ones. The server tries to connect to port 10000 on the client, which then establishes a second connection back to the "Valid listen Port for NetVault NDMP data channels" (configurable in nvconfigurator -> Firewall on the server).
If this port range is not configured, the server will bind to socket 0, leading to a semi-random port as it is assigned by the service provider. These ports usually start at port 32768 and are incremented with subsequent listeners. -
Resolution
In order to run successful backups and restores with the VaultDR offline plugin through a firewall, you need to configure the "Valid listen Port for NetVault NDMP data channels" on the server.
Then you need to open the port range you configured here for incoming connections to the server, and open port 10000 for incoming connections to the client. -
Additional Information
BakBone SFDC Solution Number: 00001455