ALso depending on your firewal, you could always NAT the TSM server address. Through the firewall you could assign an OUTSIDE address that gets translated to the INSIDE address of the TSM server. You can also put rules to limit the connections through port 1500 only to the TSM server address. If you change the default port of 1500 for the TSM server you need to change ALL of your clients to use this new port number. If you use POLLING (which the TSM Clients manual says is the only supported schedmode for backups thru firewalls) then you only need the 1500 port open. I wouldn't recomment running the CAD server for webclient on those servers outside the firewall, either. Just gives those hackers another open port to play with...
Bill Boyer DSS, Inc. -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[EMAIL PROTECTED]]On Behalf Of Rick Harderwijk Sent: Tuesday, May 21, 2002 3:44 PM To: [EMAIL PROTECTED] Subject: Re: Backups through a firewall Hi, Wanda wrote: > All the firewall guy had to do was create a rull that allows TCP/IP traffic > through the firewall for port 1500 for the particular client address. > > If you use SCHEDMODE PROMPTED, I believe you also have to enable port 1501. > If you want to use the web client to do TSM backups/restores remotely, that > uses port 1581. > > All those ports are configurable, i.e., you can tell TSM client and server > to use different ports if you want I would STRONGLY suggest to choose different ports. I believe there's a list out there, I think it's through IANA (www.iana.org - somebody please confirm that) that tells which port is 'registered' . Pick some free ports high up, preferably not next to each other (I would go pick like 7492, 9816 and 9752- handpicked these :) ). Wouldn't want some h*cker discovering you're using 1234 with some sec hole somewhere and let him just try 1235 and 1236, now would we? But hey, waddah I know, it's just my $.02 - maybe I'm wrong. At least someone on the list will tell you, and you'll never forget (and neither will I). Regards, Rick
