I'm using Symantec BackupExec 2010 sp3 software. I trye'd to make strict security rules, so security rule that allowing traffic between BE server and servers in DMZ allowing only traffic for backupexec aplications with aplication defaults services.
But this rule was wrong ()backups always failed), I changed aplication defaults port to ANY and for few days it worked.
Today I saw in BE logs error connecting to servers in DMZ. In traffic log I had NDMP traffic denied, so I added to security policy NDMP aplications (I still leave ANY as a services)
I lunched backup and I saw in traffic logs only backupexec as a aplication on two ports 10000 (NDMP) and another one (but its dynamic)
According to Applipedia backupexec uses Standard Ports: tcp/dynamic
In my opinion something is wrong. NDMP should be marked as dependent aplication when you commit or backupexec aplication should allow ndmp traffic by themself.
If I'm wrong please expleain me how it works.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!