Online Backup - Firewall Configuration

 

Online Backup - Client Firewall Configuration

In a standard firewall configuration there is an inside network interface (i.e. your LAN with SecuriData’s Online Backup Software) and an outside network interface (i.e. the Internet or WAN). The inside network is considered to be 'trusted', while the outside network is not.

Connections with SecuriData’s online backup datacenter are always initiated by SecuriData’s Online Backup Software residing on the customers server or LAN (SecuriData’s Datacenter never initiates a connection to the customer’s site) Therefore, you must allow port 4401 for the TCP protocol for the inside network interface.

If you do not use DHCP for the SecuriData Online Backup host computer, you have additional flexibility:

• You can specify in the firewall that only the SecuriData Online Backup host computer's IP address can use port 4401.
• Depending on your firewall's configuration, you may even be able to set up a range of IP addresses.

Transparency

1. Most default firewall configurations provide transparency for users inside your firewall, but not for the users outside the wall.  SecuriData’s Online Backup needs transparency for the connection with SecuriData’s datacenter. Therefore, you must either set transparency ON for the internal network interface or allow the connection on port 4401 to be transparent. This will depend on the type of firewall you are using.

2. There is no need for transparency on the outside network interface.

Ports

1. The basic configuration required to setup your firewall for SecuriData’s Online Backup activities (backup/restore) is to allow port 4401 for the TCP protocol.

Monitoring the SecuriData’s Online Backup with the Java (GUI) from an outside connection:

1. You must allow port 4403 (TCP and UDP) in addition to port 4401.

2. If  SecuriData’s Online Backup host computer has more than one network interface (assuming the SecuriData’s Online Backup computer is running Windows NT / 2000 / XP / Server 2003, Small Business Server 2003) and has default gateways on each interface, then you must modify the routing table manually to include the network from which the SecuriData online backup host machine is connecting.

Conclusion

To summarize - if you want full control of the SecuriData’s Online Backup user interface from the GUI, enable port 4401 (TCP) with transparency, as well as enabling port 4403 (TCP and UDP).