HP B6960-90078 User Manual

Customizing the Data Protector Environment

Firewall Support

Chapter 11

545

Here, the application Agent connects to the Media Agent. However,
this connection does not go through the firewall and so you do not
need to specify a port range.

This leads to the following firewall rule for the connection to the

Inet

listen port.

✓ Allow connections from the Application Agent system to port 5555

on the CM system

NOTE

This rule allows connections from the DMZ to the intranet, which is a
potential security risk.

2. Table 11-1 shows that CRS requires only one port. However, since

other processes may allocate ports from this range as well, you should
specify a range of about five ports on the CM system. The port range
could be defined as follows:

OB2PORTRANGESPEC=CRS:20000-20004

The resulting firewall rule for the connection to the CRS process is:

✓ Allow connections from the Application Agent system to ports

20000-20004 on the CM system

3. For the Backup and Restore Session Manager, the situation is more

complex. Every backup and restore session is started by one Session
Manager, and every Session Manager requires one port. Additionally,
an Application Agent may need to start some DBSMs. For Microsoft
Exchange, Microsoft SQL, and Lotus Domino R5 Server integrations,

CRS

Dynamic

RSM

Dynamic

BSM

Dynamic

DBSM

Dynamic

xMA-NET

Dynamic

Table 11-5

Process

Port