NetWorker in a Firewalled environment

Service ports are where an application is listening for connections. Connection ports are outbound connections to other servers' service ports.

Default service ports for NetWorker are TCP 7937-9936. They listen for and service backup requests coming from a NetWorker server. They are randomly chosen by the configured port range by EMC portmapper.

Connection ports are by default set to 0-0, which means use any port available. On version 7.4 and newer, port range is set to 0-0. Upgraded NetWorker servers that go to 7.4 or newer maintain the settings prior to upgrade to maintain compatibility.

Port ranges can be manually configured. The process daemon nsrexecd will always listen on 7937 and 7938 no matter what the value is set for. 7938 is rpcbind, or portmapper and resides in /nsr/res/nsrladb on each NetWorker host.

NetWorker 8 requires the following ports:

Daemon/Process# PortsFunction
nsrd 1 Server
nsrexecd 4 Server, StorageNode, Client
nsrindexd 1 Server
nsrjobd 1 Server
nsrlogd 1 Audit Log server only
nsrmmgd 1 Server
nsrmmdbd 1 Server
nsrpush 1 Server
nsrsnmd 1 Server, StorageNode

These add to 12 for the server. in addition, nsrlcpd requires 1 connection for each jukebox, and 2 for each FTD device connected. AFTD requires the max count settings of all devices.

To configure the port ranges, determine the port count required. User must have update port ranges resources permission. Us nsradmin -p nsrexec to add permissions, or us NMC, nsrports, nsradmin to set port ranges.

NetWorker Management Console server requires 3 ports for processes and 2 for SNMP if using DD Boost. There is 1 for the web server, 1 for RPC, and 1 for database calls. By default, 9000 is the default httpd port, 9001 is RPC, and 2368 is the default database port.

For a firewall configuration, the following rules would need to be configured:

Direction Protocol Ports Comments
OutboundTCP 7937-#from server to client
OutboundTCP 7937-#from server to storage node
InboundTCP 7937-#from client to server

Where # is equal to the highest port number as determined by adding all necessary processes together.