If there is a firewall between the NetApp filer and the NetVault Backup (NVBU) Server, additional configuration is required on both the NVBU side and the NetApp filer side.
Backup failures caused by firewalls usually generate NDMP_CONNECT_ERR errors.
By default, NDMP communication should be through port 10000. Configure the NVBU firewall settings according to solution SOL78817.
If NVBU firewall options are configured correctly, but backups still fail, analyze the connection from the NetApp side using the following troubleshooting steps from NetApp.
Refer to this KB article from NetApp to troubleshoot NetApp NDMP connection problems. It refers to connections from host (NetVault Server) to filer failing:
A NetApp support login is required to access this article. The following steps are based on the document linked above.
1 -On the filer, enter: ndmpd status and verify that NDMPD is ON.
Enter ndmpd on if NDMPD is OFF.
2 - If NDMPD is on, check the following:
a - On the filer, enter netstat -a
b - Verify port 10000 is listed.
c - If port 10000 is not listed, proceed to step 3.
filer> netstat -a
Active TCP connections (including servers)
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
*.10000 *.* 0 0 0 0 LISTEN
d - Telnet to filer on port 10000:
telnet filer_hostname 10000
e - If the error message Connection refused is returned, proceed to step 3.
f - If the message Connection successful is returned, then the filer's NDMPD port is listening properly.
3 - Toggle NDMPD off and on.
ndmpd off;ndmpd on
4 - If the source and destination filer's NDMPCOPY/JNDMPCOPY hosts are separated by a firewall, then verify port 10000 is not blocked by the firewall.
5 - Check that the syntax of the command is correct:
On the NDMPCOPY host, enter, without any options, ndmpcopy
A Help menu will appear.
6 - If problems persist, contact NetApp Tech Support.