When performing remote backups through a firewall, one should select a specific range under Network & Firewall defaults dialog box in the Backup Exec console and open the exact range on the Firewall/TCP Filtering.
Note: According to IANA (INTERNET ASSIGNED NUMBERS AUTHORITY),Ports which we think is Dynamic and Free are not TRUE, Infact when we go through the List of ports given by IANA authority we will find that most ports which we assign are either well known ports OR registered ports and therefore when we specify them in Backup Exec console (Under Network & Firewall) option it does not follow the rule and often get rejected/Refused by the remote server.
According to IANA :
http://www.iana.org/assignments/port-numbers
PORT NUMBERS =(last updated 2007-03-12)
The port numbers are divided into three ranges:
1.The Well Known Ports.
The Well Known Ports are those from 0 through 1023.
2.The Registered Ports.
The Registered Ports are those from 1024 through 49151
3.The Dynamic and/or Private Ports.
The Dynamic and/or Private Ports are those from 49152 through 65535 (Here we need to search for unassigned ports)
As we can see port between 1024 and 49151 is registered and therefore even if we specify these range on the Backup Exec(under tools--options--network & firewall) and similar range on the remote server Firewall/TCP Filerting it may not backup or "refuse to communicate" as seen in the SGMON error.
Resolution:
To overcome this problem, its recommended to specify maximum FREE (UNASSINGED Dynamic Port) range available and stated by IANA and as per the IANA information it looks like the maximum range available is :5204-5221 which is about 17 ports. Its up to the system administrator to open all the "17" ports or just assign "10" ports. You may refer to IANA website to refer other range.
No comments:
Post a Comment