Chat now with support
Chat with Support

NetVault 12.3 - Administration Guide for Managed Service Providers

Introduction Getting started Configuring clients Managing catalog search Configuring storage devices Backing up data Managing policies Restoring data Managing NetVault Backup dashboard Managing jobs Monitoring logs Managing storage devices
Role-based access to manage storage devices Monitoring device activity Managing disk-based storage devices in list view Managing disk-based storage devices in tree view Managing the Snapshot Array Manager Managing tape libraries in list view Managing tape libraries in tree view Managing tape drives in list view Managing tape drives in tree view Adding shared devices
Managing storage media Managing user and group accounts Managing Tenant Monitoring events and configuring notifications Reporting in NetVault Backup Working with client clusters Configuring default settings for NetVault Backup
About configuring default settings Configuring encryption settings Configuring plug-in options Configuring default settings for post-scripts Configuring default settings for Verify Plug-in Configuring Deployment Manager Settings Configuring Job Manager settings Configuring Logging Daemon settings Configuring Media Manager settings Configuring Network Manager settings Configuring Process Manager settings Configuring RAS device settings Configuring Schedule Manager settings Configuring Web Service settings Configuring Auditor Daemon settings Configuring firewall settings Configuring general settings Configuring security settings Synchronizing NetVault Time Configuring the reporting utility Configuring NetVault Backup WebUI default settings Configuring NetVault Backup to use a specific VSS provider Configuring default settings using Txtconfig
Diagnostic tracing Managing diagnostic data Using the deviceconfig utility NetVault Backup processes Environment variables Network ports used by NetVault Backup Troubleshooting

Firewall settings

Firewall settings are required to communicate with NetVault Backup Clients that reside outside the firewall. MSP administrator and tenant administrator can use these settings to specify the TCP/IP ports for establishing data transfer channels, message channels, and broadcast channels through the firewall.

MSP administrator and tenant administrator can configure the firewall settings when deploying or adding a client, or update these settings from the Change Settings page. MSP administrator and tenant administrator can also use the NetVault Backup WebUI to configure the firewall settings for new or existing clients.

 
* 
NOTE: NetVault Backup does not support firewalls using NAT (Network Address Translation)/IP Masquerading.

Common firewall ports must used by all the tenant administrators, where same settings must be made for all the client machines.

The following table provides a brief description of the firewall settings.

 
Table 18. Firewall settings
Option
Description

Listen ports for devices

Ports to listen on for device requests.

Configure this option on the NetVault Backup machines that have a locally attached device (for example, NetVault Backup Server or NetVault Backup Clients with SmartClient licenses).

Requirement: Two ports per drive.

Connect ports for devices

Ports that plug-ins use to connect to remote storage devices.

Configure this option on clients that connect to remote devices.

Requirement: Two ports per drive.

Listen ports for NetVault Backup message channels

Ports for receiving messages during data transfers.

Configure this option on both the NetVault Backup Server and the Client. NetVault Backup requires a two-way connection between the Server and the Client for message channels.

Requirement: Three ports per client.

To run two or more plug-ins simultaneously on a client, configure two ports per plug-in and an extra port per client. For example, to run two plug-ins simultaneously, configure (2 * 2) + 1 = 5 ports for a client.

Connect ports for NetVault Backup message channels

Ports for sending messages during data transfers.

Configure this option on both the NetVault Backup Server and the Client. NetVault Backup requires a two-way connection between the Server and the Client for message channels.

Requirement: Three ports per client.

To run two or more plug-ins simultaneously on a client, configure two ports per plug-in and an extra port per client. For example, to run two plug-ins simultaneously, configure (2 * 2) + 1 = 5 ports for a client.

Connect ports for NDMP control channels

Ports for sending NDMP messages (NDMP control channels).

Configure this option on the NetVault Backup Server (on which the plug-in is installed) when a firewall separates an NDMP filer and the NetVault Backup Server.

By default, NetVault Backup uses port number 10000. You can change it, if necessary.

Listen ports for NDMP data channels

Ports to listen on for NetVault Backup devices operating as NDMP movers.

Configure this option on the NetVault Backup Server or Client to which the device is attached. These ports are used for data transfers between the NDMP filer and storage device when a firewall separates the two networks.

Connect ports for inter-machine setup

Ports for establishing initial contact (broadcast channels) while adding a NetVault Backup Client, and later to ascertain its availability.

Requirement: Two ports per client.

You can use the following formats to specify the ports or port ranges for data channels, message channels, and broadcast channels:
A comma-separated list (example: 20000, 20050)
A port-range separated by a dash (example: 20000-20100)
A combination of comma-separated list and port-range (example: 20000-20100, 20200)
 
* 
NOTE: You must configure the same port-range for data, message, and broadcast channels across all NetVault Backup machines.
 
* 
IMPORTANT:  
NetVault Backup does not support firewalls using NAT (Network Address Translation)/IP Masquerading.
NetVault Backup uses port number 20031 for TCP and UDP messaging. Make sure that this port is open on the firewall.

For more information, see the following sections:
Firewall filtering rules
Firewall configuration example

Firewall filtering rules

When creating firewall rules on the server and client machines, make sure that you open the following ports to send and receive traffic from NetVault Backup.

 
* 
IMPORTANT: MSP administrator can create Server to Client firewall rules and Tenant administrator can create Client to Server firewall rules.
 
Table 19. Firewall filtering rules
From
To
TCP/UDP
Source port
Destination port

Server

Client

TCP

Connect ports for inter-machine connection setup specified on the NetVault Backup Server

20031

Client

Server

TCP

Connect ports for inter-machine connection setup specified on the NetVault Backup Clients

20031

Server

Client

TCP

Connect ports for message channels specified on NetVault Backup Server

Listen Ports for Message Channels specified on the NetVault Backup Clients

Client

Server

TCP

Listen ports for message channels specified on the NetVault Backup Clients

Connect Ports for Message Channels specified on the NetVault Backup Server

Server

Client

UDP

20031

20031

Client

Server

UDP

20031

20031

Server

Client

TCP

Listen ports for devices specified on the NetVault Backup Server and Clients

Connect ports for devices specified on the NetVault Backup Clients

Client

Server

TCP

Connect ports for devices specified on NetVault Backup Clients

Listen ports for devices specified on NetVault Backup Server and Clients

Firewall configuration example

This example illustrates the network port requirements for a NetVault Backup system with the following configuration:

Number of drives: 6
Number of clients with one plug-in: 10
Number of clients with two plug-ins: 2
 
Table 20. Example: Port requirement calculation
NetVault Backup machine
Port type
Requirement
Total ports
Example port range

Server (with locally attached storage device)

Connect ports for inter‑machine connection setup

Minimum two ports per client

24

50300-50323

Connect ports for NetVault Backup message channels

Minimum three ports per client

40

50200-50239

Listen ports for devices

Minimum two ports per drive

12

50100-50111

Client

Connect ports for inter‑machine connection setup

Minimum two ports per client

(These ports can be the same as the ports specified on the server side.)

24

50300-50323

Listen ports for NetVault Backup message channels

Minimum three ports per client

40

50500-50539

Connect ports for devices

Minimum two ports per drive

12

50400-50411

The following table illustrates the firewall filtering rules for this system.

 
Table 21. Example: Firewall filtering rules
From
To
TCP/UDP
Source port
Destination port

Server

Client

TCP

50300-50323

20031

Client

Server

TCP

50300-50323

20031

Server

Client

TCP

50200-50237

50500-50537

Client

Server

TCP

50500-50537

50200-50237

Server

Client

UDP

20031

20031

Client

Server

UDP

20031

20031

Server

Client

TCP

50100-50111

50400-50411

Client

Server

TCP

50400-50411

50100-50111

Locating a client

The clients that reside in a different subnet are not included in the list of available clients. You can use the Find Machine option to locate and add such clients.

To locate and add a client that is not discovered automatically:
1
Start the client addition wizard, and then click Find Machine.
2
On the Find Client page, type the Fully Qualified Domain Name (FQDN) or IP address of the client, and click Find.
3
After the machine is located, complete Step 2 through Step 5 in the section Adding a client to the NetVault Backup Server.
 
* 
NOTE: NetVault Backup reports an error if it fails to locate the specified client on the network. An error can occur for reasons such as the following:
The NetVault Backup software is not installed on the machine.
The NetVault Backup Service is not running on the machine.
The DNS lookup table or the machine’s host table cannot be contacted.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating