NetWorker in a Firewalled environment
Service ports are where an application is listening for connections. Connection ports are outbound connections to other servers' service ports.
Default service ports for NetWorker are TCP
7937-9936. They listen for and service backup requests coming from a NetWorker server. They are randomly chosen by the configured port range by EMC portmapper.
Connection ports are by default set to 0-0, which means use any port available. On version 7.4 and newer, port range is set to 0-0. Upgraded NetWorker servers that go to 7.4 or newer maintain the settings prior to upgrade to maintain compatibility.
Port ranges can be manually configured. The process daemon
nsrexecd will always listen on
7938 no matter what the value is set for.
portmapper and resides in
/nsr/res/nsrladb on each NetWorker host.
NetWorker 8 requires the following ports:
|nsrexecd||4||Server, StorageNode, Client|
|nsrlogd||1||Audit Log server only|
These add to 12 for the server. in addition,
nsrlcpd requires 1 connection for each jukebox, and 2 for each FTD device connected. AFTD requires the max count settings of all devices.
To configure the port ranges, determine the port count required. User must have update port ranges resources permission. Us
nsradmin -p nsrexec to add permissions, or us NMC,
nsradmin to set port ranges.
NetWorker Management Console server requires 3 ports for processes and 2 for SNMP if using DD Boost. There is 1 for the web server, 1 for RPC, and 1 for database calls. By default,
9000 is the default httpd port,
9001 is RPC, and
2368 is the default database port.
For a firewall configuration, the following rules would need to be configured:
|Outbound||TCP||7937-#||from server to client|
|Outbound||TCP||7937-#||from server to storage node|
|Inbound||TCP||7937-#||from client to server|
Where # is equal to the highest port number as determined by adding all necessary processes together.