Firewall support, Limiting the range of port numbers – HP B6960-90078 User Manual

Customizing the Data Protector Environment

Chapter 11

528

Firewall Support

This section describes how to configure Data Protector in an
environment where the Data Protector processes communicate across a
firewall.

Communication in Data Protector

Data Protector processes communicate using TCP/IP connections. Every
Data Protector system accepts connections on port 5555 by default. In
addition, some processes dynamically allocate ports on which they accept
connections from other Data Protector processes.

To enable Data Protector processes to communicate across a firewall,
Data Protector allows you to limit the range of port numbers from which
dynamically allocated ports are selected. Port ranges are defined on a per
system basis. It is possible to define a port range for all Data Protector
processes on a specific system, as well as to define a port range for a
specific Data Protector agent only.

Configuration Mechanism

The port allocation behavior can be configured through two omnirc
variables: OB2PORTRANGE and OB2PORTRANGESPEC. By default, both
variables are not set and ports are assigned dynamically by the
operating system.

Limiting the Range of Port Numbers

For All Data Protector Processes

You can limit the port range for all Data Protector processes on a system
by using the OB2PORTRANGE variable in the omnirc file:

OB2PORTRANGE=-

Data Protector processes use dynamically allocated ports and select
them from this range. Ports are allocated by taking the first
available port in the range, starting with port "start_port". If there is
no available port within the specified range, the port allocation fails and
the requested operation is not performed. Refer to Table 11-1 on page 530 for
information on port consumption.
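
The first-available allocation and the failure on an exhausted range, modelled as an added Python example (not Data Protector code and not part of the manual). The function names and the sample range 18000-18009 are assumptions. `free_ports` can be run on a system to see how many ports of a planned range are already taken before that range is opened on the firewall.

```python
import socket

class PortRangeExhausted(Exception):
    """No port in the configured range could be bound."""

def _try_bind(port, host):
    # No SO_REUSEADDR: a port that is already in use must be rejected.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return s
    except OSError:
        s.close()
        return None

def free_ports(start_port, end_port, host="0.0.0.0"):
    """Ports in [start_port, end_port] that can be bound right now."""
    free = []
    for port in range(start_port, end_port + 1):
        s = _try_bind(port, host)
        if s is not None:
            s.close()
            free.append(port)
    return free

def allocate_first_free(start_port, end_port, host="0.0.0.0"):
    """First-available allocation as the manual describes it: scan upward
    from start_port, listen on the first free port, fail if none is left."""
    for port in range(start_port, end_port + 1):
        s = _try_bind(port, host)
        if s is not None:
            s.listen(1)
            return s
    raise PortRangeExhausted(f"no free port in {start_port}-{end_port}")

if __name__ == "__main__":
    START, END = 18000, 18009   # constructed sample range, not from the manual
    print(f"{len(free_ports(START, END))} of {END - START + 1} ports free")
    held = []
    try:
        while True:  # keep allocating until the range runs out
            held.append(allocate_first_free(START, END))
            print("allocated", held[-1].getsockname()[1])
    except PortRangeExhausted as exc:
        print("allocation failed:", exc)
    finally:
        for s in held:
            s.close()
```

A range that is too narrow for the number of concurrent listeners ends in the failure branch, which is the condition the manual describes as the requested operation not being done.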