Export (0) Print
Expand All

Configure firewall exceptions for the agent

Updated: January 12, 2015

Applies To: System Center 2012 - Data Protection Manager, System Center 2012 R2 Data Protection Manager, System Center 2012 SP1 - Data Protection Manager

For a protection agent to communicate with the System Center 2012 – Data Protection Manager (DPM) server through a firewall, firewall exceptions are required.

Configure an incoming exception for sqservr.exe for the DPM instance of SQL Server, to allow TCP on port 80.The report server listens for HTTP requests on port 80 for HTTP requests. The following table lists the protocols and ports required for communication between the DPM server and protected servers and clients.

 

Protocol Port Details

DCOM

135/TCP
Dynamic

The DPM control protocol uses DCOM. DPM issues commands to the protection agent by invoking DCOM calls on the agent. The protection agent responds by invoking DCOM calls on the DPM server.

TCP port 135 is the DCE endpoint resolution point used by DCOM.

By default, DCOM assigns ports dynamically from the TCP port range of 1024 through 65535. However, you can configure this range by using Component Services.

Note that for DPM-Agent communication you must open the upper ports 1024-65535. To open the ports, perform the following steps:

  1. In IIS 7.0 Manager, in the Connections pane, click the server-level node in the tree.

  2. Double-click the FTP Firewall Support icon in the list of features.

  3. Enter a range of values for the Data Channel Port Range.

  4. After you enter the port range for your FTP service, in the Actions pane, click Apply to save your configuration settings.

TCP

5718/TCP
5719/TCP

The DPM data channel is based on TCP. Both DPM and the protected computer initiate connections to enable DPM operations such as synchronization and recovery.

DPM communicates with the agent coordinator on port 5718 and with the protection agent on port 5719.

DNS

53/UDP

Used between DPM and the domain controller, and between the protected computer and the domain controller, for host name resolution.

Kerberos

88/UDP 88/TCP

Used between DPM and the domain controller, and between the protected computer and the domain controller, for authentication of the connection endpoint.

LDAP

389/TCP
389/UDP

Used between DPM and the domain controller for queries.

NetBIOS

137/UDP
138/UDP
139/TCP
445/TCP

Used between DPM and the protected computer, between DPM and the domain controller, and between the protected computer and the domain controller, for miscellaneous operations. Used for SMB directly hosted on TCP/IP for DPM functions.

-----
For additional resources, see Information and Support for System Center 2012.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012. For instructions and examples, see Search the System Center 2012 Documentation Library.
-----
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2015 Microsoft