NetWorker in a Firewalled environment
Service ports are where an application is listening for connections. Connection ports are outbound connections to other servers' service ports.
Default service ports for NetWorker are TCP 7937-9936
. They listen for and service backup requests coming from a NetWorker server. They are randomly chosen by the configured port range by EMC portmapper.
Connection ports are by default set to 0-0, which means use any port available. On version 7.4 and newer, port range is set to 0-0. Upgraded NetWorker servers that go to 7.4 or newer maintain the settings prior to upgrade to maintain compatibility.
Port ranges can be manually configured. The process daemon nsrexecd
will always listen on 7937
and 7938
no matter what the value is set for. 7938
is rpcbind
, or portmapper
and resides in /nsr/res/nsrladb
on each NetWorker host.
NetWorker 8 requires the following ports:
Daemon/Process | # Ports | Function |
---|---|---|
nsrd | 1 | Server |
nsrexecd | 4 | Server, StorageNode, Client |
nsrindexd | 1 | Server |
nsrjobd | 1 | Server |
nsrlogd | 1 | Audit Log server only |
nsrmmgd | 1 | Server |
nsrmmdbd | 1 | Server |
nsrpush | 1 | Server |
nsrsnmd | 1 | Server, StorageNode |
These add to 12 for the server. in addition, nsrlcpd
requires 1 connection for each jukebox, and 2 for each FTD device connected. AFTD requires the max count settings of all devices.
To configure the port ranges, determine the port count required. User must have update port ranges resources permission. Us nsradmin -p nsrexec
to add permissions, or us NMC, nsrports
, nsradmin
to set port ranges.
NetWorker Management Console server requires 3 ports for processes and 2 for SNMP if using DD Boost. There is 1 for the web server, 1 for RPC, and 1 for database calls. By default, 9000
is the default httpd port, 9001
is RPC, and 2368
is the default database port.
For a firewall configuration, the following rules would need to be configured:
Direction | Protocol | Ports | Comments |
---|---|---|---|
Outbound | TCP | 7937-# | from server to client |
Outbound | TCP | 7937-# | from server to storage node |
Inbound | TCP | 7937-# | from client to server |
Where # is equal to the highest port number as determined by adding all necessary processes together.