
NAT/Firewall Configuration

This page provides information about the ports used by the application, and the ports that need to be opened to enable it to work across NAT/Firewall.

The following ports need to be opened at the Backup/Replication Servers so that the server can receive backup/restore/delete/replication/webservice requests from the clients:

  • TCP Port 32004 - for processing Backup/Restore/Delete/Replication requests.

  • TCP Port 32007 - for processing Backup/Restore/Delete/Replication requests.

  • HTTP Port 6060 - for processing WebService requests.

  • HTTP Port 6061 - for processing WebService requests.

In some cases, ports will need to be added to the Firewall exception list to ensure that backups function smoothly. Windows XP SP2/SP3, Vista and Windows 7 have a built-in firewall which restricts ports opened by applications. Hence, it is recommended to add the ports or StoreGrid.exe to the Firewall exception list for these operating systems.

The following ports need to be added to the Firewall exception list at the Clients:

  • TCP Port 32005 - for processing Apache/PHP console requests to backend.

  • TCP Port 32008 - for processing Exchange Mailbox backups in Windows 64 bit OS.

  • HTTP Port 6060 - for processing WebConsole requests.

  • HTTP Port 6061 - for processing WebConsole requests.

The purpose of each of the above ports is described in detail below.

TCP Port 32004

The Server opens this port. All Client-Server communication, including backups, restores etc. (except TCP discovery), is done through this port. If a Server is behind a NAT/Firewall then this port needs to be opened to enable clients to back up to this server. Opening up this port is mandatory for the core functionality of backup and restore to work. By default the port used is 32004. If you have modified the 'Backup Server Port' during installation, then you have to open the corresponding port in your NAT/Firewall.

TCP SSL Port 32007

From v2.3, clients can send the backup data to the backup server on secure SSL port 32007. This port is disabled in the backup server and the client by default. SSL port can be enabled by changing the Enabled attribute to 1 in the SSL tag in the SGConfiguration.conf file. When enabled in the backup server, the backup server can accept backup requests on both port 32004 and the SSL port 32007. When enabled in the client, the client will start sending the backup data on the SSL port.

If SSL port is enabled in the backup server and in the client, all Client-Server communication including backups, restore etc. (except TCP discovery) from that client will be done through the SSL port 32007 and therefore if a Server is behind a NAT/Firewall then this port needs to be opened to enable the client to backup to this server.

By default the port used for SSL is 32007, but it can be modified by changing the 'SSLServer' attribute in the 'Ports' tag in the SGConfiguration.conf file. This port number should be set the same in both the server and the client.

TCP Port 6060, 6061

These ports are used by the Web Server (Apache) to serve requests from the WebConsole (User Interface). These ports are configurable; you would have been given an option to change them at first installation. The NAT/Firewall should also 'allow' these ports if you need the ability to connect to/administer a peer behind the NAT/Firewall.

In a Backup Server Cluster setup, client machines make web service requests to the Server instances on these ports for cluster node lookup. Therefore, in a cluster environment, it is recommended that the server side firewall is configured to allow incoming HTTP/HTTPS traffic on these ports and the client side firewall is set up to allow outgoing HTTP/HTTPS traffic on these ports. Similarly, in a Replication Server Cluster setup, the backup servers replicating to the cluster make HTTP/HTTPS requests on these ports.

TCP Port 32008 (Windows 64-bit OS)

From v2.4, Exchange Mailbox backup and restore is supported for Exchange Server 2007. The 64-bit client exe can send the backup request to the 32-bit client exe on port 32008 running on the same machine. If a Client is behind a NAT/Firewall then this port needs to be opened to enable Exchange 2007 Mailbox backup and restore to be performed. Opening up this port is mandatory for the core Exchange 2007 Mailbox functionality of backup and restore to work. By default the port used for Exchange 2007 Mailbox backup is 32008, but it can be modified by changing the "MAPI32Bit" attribute in the "Ports" tag in the SGConfiguration.conf file located in the <INSTALLATION_HOME>/conf folder.

TCP Port 32005

Both Client and Server open this port. This port is used for two purposes:

  1. For all communication between the PHP module (invoked by the browser based WebConsole) and the C++ modules. All UI requests from the browser are served by PHP pages, which in turn connect to this port to get the required data. By default the port used is 32005. If you have modified the 'UI Communication Port' during installation, then you have to open the corresponding port in your NAT/Firewall.

  2. Peers also use this port to do a more complete discovery of each other, sharing details about other peers etc. This TCP discovery is always enabled.

This port need not be configured in the NAT/Firewall. If it is not opened, the only feature that would not work is: Switching to a peer behind the NAT/Firewall through the WebConsole of another peer outside the NAT/Firewall.

Multicast Ports (UDP) 6363, 6364 [optional, by default not used]

These two multicast ports are used by Clients and Servers for discovering peers within a subnet. In most networks, multicasting will work only within a subnet. There is no need to open these ports in firewall or NAT devices as multicast packets may not be sent across networks, anyway.

From v3.0, Multicast discovery is disabled by default. It can be enabled by changing the 'SocketDiscoveryEnabled' attribute in the SGInformation.conf file.

UDP Port 32006 [optional, by default not used]

This UDP port is used in discovery of peers in a network. The application does a UDP scan on port 32006 of all possible IP Addresses in a network to detect the presence of other peers. There is no need to open this port in the NAT/firewall as the UDP scanning is done only within its subnet. By default, UDP network scanning is disabled.
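
The port roles above can be turned into a least-privilege check of an existing NAT/firewall allow-list. The following is an added example, not vendor code: the function names, option names and the sample allow-list are assumptions made for illustration, and the port numbers are the defaults listed on this page.

```python
# Added example (not vendor code): audit a NAT/firewall allow-list against the
# default port roles described on this page. Adjust the numbers if the ports
# were changed at installation or in SGConfiguration.conf.

def required_inbound(role, ssl=False, web_access=False, exchange_64bit=False,
                     peer_switching=False):
    """Return {(proto, port): purpose} that must be allowed in front of `role`."""
    if role not in ("server", "client"):
        raise ValueError("role must be 'server' or 'client'")
    need = {}
    if role == "server":
        need[("tcp", 32004)] = "backup/restore/delete/replication"
        if ssl:  # the SSL port is disabled by default
            need[("tcp", 32007)] = "client-server traffic over SSL"
    if web_access:  # remote WebConsole administration or cluster node lookup
        need[("tcp", 6060)] = "web server requests"
        need[("tcp", 6061)] = "web server requests"
    if role == "client" and exchange_64bit:
        need[("tcp", 32008)] = "Exchange 2007 mailbox backup (64-bit OS)"
    if peer_switching:  # only for switching to this peer from an outside WebConsole
        need[("tcp", 32005)] = "UI communication / TCP discovery"
    # UDP 6363, 6364 and 32006 are subnet-local discovery and are never required.
    return need


def audit(allowed, role, **options):
    """Compare an allow-list (set of (proto, port)) with what the role needs."""
    need = set(required_inbound(role, **options))
    allowed = set(allowed)
    return {
        "missing": sorted(need - allowed),  # backups or console will fail
        "excess": sorted(allowed - need),   # exposure with no stated purpose
    }


# Constructed sample: rules currently forwarded to a backup server.
SAMPLE_ALLOWED = {("tcp", 32004), ("tcp", 32005), ("udp", 6363), ("udp", 32006)}

if __name__ == "__main__":
    report = audit(SAMPLE_ALLOWED, role="server", ssl=True)
    for kind, entries in report.items():
        for proto, port in entries:
            print(f"{kind}: {proto}/{port}")
```

Entries reported as "excess" are candidates for removal from the perimeter rule set; entries reported as "missing" explain a failing backup or console connection.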
