Details
I enabled a supported backup service in ESX Server firewall and tried to create a BackupExec Section of the client server in a virtual machine. The server was not able to connect to the client to select the backup files. How can I get by backup and restore to work with ESX Server firewall enabled?
Solution
With a supported backup service and ESX Server firewall, attempts to create a BackupExec Section of the client server in a virtual machine failed. The server was not able to connect to the client to select the backup files. This might occur when using Symantec BackupExeclld, Legato Networker 7.4 SP1, Legato Networker 7.3.2 Jumbo Update1, or Brightstor-Arcserver.
A workaround is to open a port or range of ports, both inbound and outbound, for running the backup jobs.
For Symantec Backupexeclld:
1. In the Backupexeclld interface, Go to Tools > Options > select Network and Security.
2. Set port range from 8192 to 8198.
3. In the ESX Server Console OS, open the same ports with (inbound) tpc.in. Additionally, open 6101 and 6102 (outbound) tcp.out.
For Legato Networker 7.4 SP1
The settings are made on both the server and the client because Legato Networker has about 200 ports defined and it allows administrators to modify them as needed.
On the server where the backup application is installed:
1. Select Enterprise tab.
2. Select the ESX Server.
3. Launch the backup application.
4. Select Configuration tab.
5. Select host whose ports you need to configure.
6. Right-click on the host and select Configure Port Ranges.
7. Set port range from 7937 to 7956.
In ESX Service Console OS:
1. Run nsradmin - nsrexec
2. Run p type:nsr system port ranges
3. Check for default service port information.
4. Run update service ports: 7937-7956
5. Verify the port changes.
To identify which ports the Legato application is using:
On the server where the backup application is installed:
1. Start portmap service. For example, /etc/init.d/portmap2. Start then disable the firewall.
3. Run rpcinfo -p server_host_hame | grep nsr
This lists the ports and respective Legato processes.
4. Make a list of the ports and open each port using:
esxcfg-firewall -o
5. Enable the firewall and run the backup jobs.
For Legato Networker 7.3.2 with JumboUpdate1, do either of the following:
* Turn down the firewall and run Backup Jobs.
* Open 7937-7956 range of ports both in Legato Networker seerver and in the service console.
For Brightstor-Arcserver rll.5 SP1
1. Open port 6051 both inbound and outbound.
2. Mount the VMFS partition in the root directory so it can received the backup of the virtual machines.
Run mount -t vmfs path_of_vmfs path_of_root
Based on VMware KB 1004261
