Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Veritas NetBackup server isn't connecting thru firewall

0

0

Article ID: KB6638 KB Last Updated: 07 Oct 2008Version: 2.0
Summary:
Veritas NetBackup server isn't connecting thru firewall
Symptoms:
Customer has Veritas NetBackup server in Trust zone that is attempting to backup a server in the DMZ zone.'  The application starts, but doesn't connect and backup the server.

NAT is enabled on the Trust interface


Solution:

Veritas NetBackup server will not function if using NAT.

Workaround: Change the NetScreen to be in route mode, i.e. enable route mode on the Trust interface. Then create a policy from the Trust to DMZ zone that does not have NAT enabled.
NOTE: If you have existing policies from Trust to other zones, then enable NAT on those policies.

Use of VERITAS NetBackup (tm) with Network Address Translation or Port Address Translation

TechNote ID: 237794 Last Updated:June 30 2003 11:04 PM GMT

Caution! The information in this TechNote is based upon certain assumptions, including product, operating system and platform versions. You can review this information in the TechNote Summary portion of this document. This document ( 237794 ) is provided subject to the disclaimer at the end of this document.


Symptom:

Use of VERITAS NetBackup (tm) with Network Address Translation or Port Address Translation

Solution:

VERITAS does not support any NetBackup configuration which involves any client or NetBackup server separated from the other NetBackup hosts by a network device performing Network Address Translation (NAT) or Port Address Translation (PAT).

Use of dynamic NAT will cause backups to fail.  Use of static NAT, where there is a predetermined one-to-one mapping of IP addresses, may allow backups to function normally, but it is not supported.

NAT will cause restores to fail.  The workaround is to restore to a client where no NAT is involved, and then FTP the files to the client on the other side of the NAT firewall.

NetBackup will not function correctly if PAT is used because PAT changes port numbers.

NAT is not compatible with the new vnetd ("No Connect-back") feature in NetBackup 4.5; it causes Status 58 failures.  Turning off "No Connect-back" allows backups to succeed (assuming the sufficient port range is open on the firewall).

Here is the problem or goal:

  • Customer has Veritas NetBackup server in Trust zone that is attempting to backup a server in the DMZ zone.  The application starts, but doesn't connect and backup the server.
  • NAT is enabled on the Trust interface

Applicable Products:

  • NetScreen-5XP
  • NetScreen-5XT
  • NetScreen-5GT
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen- 500
  • NetScreen-5200
  • NetScreen-5400

Applicable ScreenOS:

  • 4.0.0
  • 4.0.0-DIAL
  • 4.0.0-DIAL2
  • 4.0.1
  • 4.0.1-SBR
  • 4.0.2
  • 4.0.3
  • 5.0.0
  • 5.0.0 A/V


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search