Export (0) Print
Expand All

Configuring Firewalls

Published : April 8, 2005 | Updated : August 17, 2005

If the file servers you want to protect reside behind a firewall, you must configure the firewall to allow communication between the DPM server, the file servers it protects, and the domain controllers.

Protocols and Ports

Depending on your network configuration, you may need to perform firewall configuration to enable communication between DPM, the file servers, and the domain controllers. To help with firewall configuration, Table 2.6 provides details about the protocols and ports used by DPM.

Table 2.6   Protocols and Ports Used by DPM

Protocol

Port

Details

DCOM

135/TCP

Dynamic

The DPM control protocol uses DCOM. DPM issues commands to the file agent by invoking DCOM calls on the agent. The file agent responds by invoking DCOM calls on the DPM server.

TCP port 135 is the DCE endpoint resolution point used by DCOM.

By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. You can, however, configure this range by using Component Services. For more information, see Using Distributed COM with Firewalls (http://go.microsoft.com/fwlink/?LinkId=46088).

TCP

3148/TCP

3149/TCP

The DPM data channel is based on TCP. Both DPM and the file server initiate connections to enable DPM operations such as synchronization and recovery.

DPM communicates with the agent coordinator on port 3148 and with the file agent on port 3149.

DNS

53/UDP

Used between DPM and the domain controller, and between the file server and the domain controller, for host name resolution.

Kerberos

88/UDP 88/TCP

Used between DPM and the domain controller, and between the file server and the domain controller, for authentication of the connection endpoint.

LDAP

389/TCP

389/UDP

Used between DPM and the domain controller for Active Directory queries.

NetBIOS

137/UDP

138/UDP

139/TCP

Used between DPM and the file server, between DPM and the domain controller, and between the file server and the domain controller, for miscellaneous operations.

Windows Firewall

Windows Firewall is included with Windows Server 2003 SP1. If you want to enable Windows Firewall on the DPM server, do so after you have installed DPM. Configure Windows Firewall on a DPM server by opening port 135 to TCP traffic, and specifying the DPM service (Microsoft Data Protection Manager\DPM\bin\MsDpm.exe) and the file agent (Microsoft Data Protection Manager\DPM\bin\MsDpmFsAgent.exe) as exceptions to the Windows Firewall policy.

If Windows Firewall is enabled on a file server you want to protect, you must disable the firewall before you can install the DPM File Agent. After you have installed the file agent, configure Windows Firewall by opening port 135 to TCP traffic and then specifying the file agent (Microsoft Data Protection Manager\DPM\bin\MsDpmFsAgentCA.exe) as an exception to the Windows Firewall policy.

For instructions for configuring Windows Firewall, search on “Windows Firewall” in Windows Help and Support for Windows Server 2003.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft