Firewall Configuration for Backup Server Control Connection
last updated: Mar 03, 2015 01:18 PM CET
A control connection of the backup server to the client server may be necessary to signal the client a tape change.
The control connection is tied to Backup Client Port. The port is determined by the following file: Hiback \ fire.bal (Windows client) or /Hiback/fire.ball (UNIX and Linux client).
The file contains either one port per line or a port queue (syntax: port1-port2). Example:
15000
32320-32322
The client looks in the files and creates a list of ports (for example: 15000, 32320, 32321, and 32322). If the files do not exist, the port list starts with 1025 and ends with 65535. When using the fire.bal [l] k, the port list is shortened according to the content.
The client then walks through the list to bind the specified port. If this fails, the next port in the list is selected until a port can be bound. The selected port number is then sent to the backup server so that the backup server can be connected to that client port to open the control connection.
Attention: A definition of port numbers in the fire.bal [l] config file assumes that the ports are not blocked on the local or network firewall (in the direction from the backup server to the client).