Salesforce

What firewall ports are necessary for management between Unitrends systems and/or for proper Backup Copy - Hot (Replication) Services?

Information
000003372
What firewall ports are necessary for management between Unitrends systems and/or for proper Backup Copy - Hot (Replication) services?
Unitrends Backup; Recovery Series
RS/UB 10.1; RS/UB 10.0; RS/UB 9.2; RS/UB 9.1; RS/UEB 9.0; RS/UEB 8.2; RS/UEB 8.1; RS/UEB 8.x; RS/UEB 7.5; RS/UEB 7.4; RS/UEB 7.3; RS/UEB 7.2; RS/UEB 7.1; RS/UEB 7.x
Details

The purpose of this article is to answer the question - What firewall ports are necessary for management between Unitrends systems and/or for proper Backup Copy - Hot (Replication) services?

The ports listed are used for communication inside the OpenVPN tunnel, and should never be exposed to the public Internet. In the rare case where a private VPN use has been authorized (and you are not using OpenVPN) you must ensure all six ports listed are allowed between the Source and Target DPU

OpenVPN will use both TCP and UDP port 1194 once it has been properly set up, and is the only port you must have exposed between the Source and Target DPU. During the initial setup, you will need to ensure all the following ports are open to allow the OpenVPN setup to complete.

The Backup Copy - Hot (Replication) Target is configured as the OpenVPN Server (172.17.3.1) and is responsible for authenticating the request from the Source and providing the IP Address to the Source to be used through the tunnel.

The Backup Copy - Hot (Replication) Source is configured as the OpenVPN Client and will initially establish communications to the Target's external IP Address.

To determine the external IP address execute the following from the Command Line Interface:     curl ipecho.net/plain;echo

Port Protocol - Reason
   1      TCP - Only needed during setup
  22      TCP - Vaulting only

  80      TCP - Replication
 443      TCP - SSL

1194      UDP - OpenVPN 
(must stay open between sites after setup completion)
5432      TCP - PostgreSQL

NOTE: ICMP (PING) must be enabled for the replication set up or it will fail. Source must be able to ping the target.

In addition, you will want to review KB 3983 Which ports does Unitrends Support need open in my Internet firewall? to ensure that Unitrends can provide its hardware health monitoring and remote support services when you need it.

In general, Unitrends highly recommends (and uses by default) OpenVPN for the encrypted communication between the Source and Target Data Protection Unit (DPU).
20190308lperez: Added not about ICMP to ping requirements, and moved the line up under list. Addressed 1194 requirements after setup. Correct grammatical and spelling errors.
 
Meta
Gears GearsCRM
Luis Perez

Powered by