HP B6960-90078 User Manual

Customizing the Data Protector Environment

Firewall Support

Chapter 11

When writing the firewall configuration rules, the process in the first
column must be able to accept new TCP connections (SYN bit set) on the
ports defined in the second column, from the process listed in the third
column.

In addition, the process listed in the first column must be able to reply to
the process in the third column on the existing TCP connection (SYN bit
not set).

For example, the Inet process on a Media Agent system must be able to
accept new TCP connections from the Cell Manager on port 5555. The
Media Agent must be able to reply to the Cell Manager using the existing
TCP connection. The Media Agent does not need to be able to open a TCP
connection itself.
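
The rule pattern described above, as an added example that is not part of the HP manual: a shell function that turns one table row into a pair of iptables rules for a firewall placed between the two hosts. The function name, the "none" keyword, the IP addresses and a default DROP policy on the FORWARD chain are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print iptables FORWARD rules for one row of a
# listening/connecting table. Assumes the chain policy is DROP.
#   $1 listener address, $2 listen port or "none", $3 connector address
dp_fw_rules() {
    listener=$1 port=$2 connector=$3

    # A component that does not accept connections gets no ACCEPT rule;
    # the default DROP policy covers it.
    [ "$port" = "none" ] && return 0

    # Reject anything that is not a port number in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 2
    fi

    # Connector -> listener: new connections (SYN set) and later packets.
    # No --sport match: the OS assigns the source port, so it cannot be
    # limited to a range.
    echo "iptables -A FORWARD -p tcp -s $connector -d $listener --dport $port -j ACCEPT"

    # Listener -> connector: replies only (SYN not set), so the listener
    # cannot open a connection of its own through the firewall.
    echo "iptables -A FORWARD -p tcp -s $listener -d $connector --sport $port ! --syn -j ACCEPT"
}

# Constructed addresses from the RFC 5737 documentation ranges.
CELL_MANAGER=192.0.2.10
MEDIA_AGENT=198.51.100.20

# Inet on the Media Agent listens on 5555; the Cell Manager connects.
dp_fw_rules "$MEDIA_AGENT" 5555 "$CELL_MANAGER"
```

The function only prints the commands, so the output can be reviewed before it is applied on the firewall.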

The following table provides a list of all Data Protector components. The
first two columns list all applicable connecting processes, while the last
two columns list the process identifiers and their listen ports. Processes
that do not initiate connections are not listed (for example, Inet).

Table 11-2

| Listening Component: Process | Listening Component: Port | Connecting Component: Process | Connecting Component: Source Port |
|---|---|---|---|
| Application Host | | | |
| Inet | 5555 | xSM | N/A (a) |
| Application Agent | Does not accept connections | | |

a. The source port of a connection is always assigned by the operating
system and cannot be limited to a specific range.

b. Only for backup sessions with the reconnect feature enabled. The Disk
Agent and the Media Agent communicate with the Cell Manager using the
existing TCP connection. The connection in this column is only
established after the original connection is broken.