Hi Eric,
Try changing SCHEDMODE on your client to polling. That is how we have it set up and it
works fine.
Trevor
-----Original Message-----
From: Eric Tang [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 29, 2000 12:27 AM
To: [EMAIL PROTECTED]
Subject: TSM backup via firewall
Hi All,
I am new to firewalls, and I am going to set up TSM client backup via a
firewall. After reading Apar IC27212 and performing testing on an NT Client
and AIX TSM Server with a test firewall in between, I have a few questions
to ask.
Environment
AIX TSM Server 3.7.3 (IP address 9.184.95.101, hostname: tivoli, schedulemode is any)
NT TSM Client 3.7.2 (IP address 49.11.35.51, hostname: ntadsm01, schedmode is prompted)
Checkpoint Firewall rules:
     Source      Destination   Service    Action
1.   tivoli      ntadsm01      adsm1501   accept
2.   ntadsm01    tivoli        adsm1500   accept
3.   any         any           any        drop
Service adsm1501: Port 1501 defined in TCP Service Property
Service adsm1500: Port 1500 defined in TCP Service Property
Finding:
If rule 2 is absent, cannot run dsmc incremental, q files ... etc. (even manually via cli)
If rule 1 is absent, dsmc client will not wake up according to server schedule
Output from "netstat -a" on TSM Server when dsmc inc is running and "q session" shows 2 sessions
Proto  Recv_Q  Send_Q  Local Address  Foreign Address    (state)
tcp4   0       0       tivoli.1500    49.11.35.51.1075   Established
tcp4   0       0       tivoli.1500    49.11.35.51.1076   Established
....
tcp4   ....            *.1500         *.*                Listen
tcp4   ....            *.1580         *.*                Listen
Questions:
1. Are 1075, 1076 the random ports mentioned in the Apar?
2. Are those firewall rules proper to bypass the problem mentioned in the Apar?
3. For those having TSM backup via firewall, are you having a similar setup?
Apar IC27212
****************************************************************
* USERS AFFECTED: All TSM Clients*
****************************************************************
* PROBLEM DESCRIPTION: Tivoli Storage Manager Client does not*
* support the use of a firewall in the environment. When the *
* client connects to the assigned port, the server rolls the *
* client over to another random port to keep the initial port*
* open for additional communication. Once the client is on *
* another port, communication is severed unless the next*
* selected port happens to be open in the firewall as well.*
***************************************************************
* RECOMMENDATION: It should be documented that TSM does not *
* support access through a firewall.*
***************************************************************
PROBLEM CONCLUSION: The following statement has been documented
in the readmes for all TSM clients:
"The TSM clients work in conjunction with a TSM server to which
they have access. Currently, TSM does not support the use of a
firewall between the server and the client."
Regards,
Eric Tang
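Added example (not part of the original messages, and not IBM or Check Point code): a first-match evaluation of the rule base posted above against the connections described in the thread. It assumes a stateful firewall that matches only the connection-opening packet, and that the two sessions in the netstat output were opened by the client; the source port 1026 for the server-initiated contact is constructed.

```python
# Added illustration: first-match evaluation of the rule base quoted in the thread.
# Assumption: the firewall is stateful, so only the connection-opening packet is
# matched against the rules and replies ride on the established connection.
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    num: int
    src: str
    dst: str
    dport: Optional[int]   # None means "any" service
    action: str

class Flow(NamedTuple):
    label: str
    src: str               # host that opens the connection
    sport: int
    dst: str
    dport: int

# Rule base as posted (adsm1501 = TCP 1501, adsm1500 = TCP 1500).
RULES = [
    Rule(1, "tivoli", "ntadsm01", 1501, "accept"),
    Rule(2, "ntadsm01", "tivoli", 1500, "accept"),
    Rule(3, "any", "any", None, "drop"),
]

# Flows constructed from the post: the two sessions in the netstat output
# (read as client-initiated, an assumption) plus the server contact on 1501.
FLOWS = [
    Flow("backup session", "ntadsm01", 1075, "tivoli", 1500),
    Flow("backup session", "ntadsm01", 1076, "tivoli", 1500),
    Flow("server prompts client", "tivoli", 1026, "ntadsm01", 1501),  # sport constructed
]

def decide(rules, flow):
    """Return (rule number, action) of the first rule matching the flow."""
    for r in rules:
        if (r.src in ("any", flow.src) and r.dst in ("any", flow.dst)
                and r.dport in (None, flow.dport)):
            return r.num, r.action   # source port is never part of the match
    return None, "drop"              # implicit default if no cleanup rule exists

def evaluate(rules):
    return [(f.label, f.sport, *decide(rules, f)) for f in FLOWS]

if __name__ == "__main__":
    for name, rules in (("rules 1-3", RULES), ("rule 1 removed", RULES[1:])):
        print(name)
        for row in evaluate(rules):
            print("  %-22s sport=%-5d rule=%s -> %s" % row)
```

With rule 1 removed, the client-initiated sessions to port 1500 still match rule 2, and only the server-initiated contact on 1501 falls through to the drop rule.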