TCP out of state packets between client and server - Veritas Net Backup

This is a discussion on TCP out of state packets between client and server - Veritas Net Backup ; Hi All My veritas netbackup server is in my local network, and several of the machines are in the DMZ, this means traffic has to pass through our stateful firewall. Every 2 weeks or so (randomly) a backup will fail ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: TCP out of state packets between client and server

  1. TCP out of state packets between client and server

    Hi All

    My veritas netbackup server is in my local network, and several of the
    machines are in the DMZ, this means traffic has to pass through our
    stateful firewall.
    Every 2 weeks or so (randomly) a backup will fail because the server
    attempts to send an out of state TCP packet, in that the first packet
    isn't SYN.

    Normally i would accept that this is just a once off failed connection,
    but the fact that this has happened on a number of occasions is putting
    me off. We need these backups EVERY night!
    The firewall is perfectly right to drop the connection if it isn't lead
    with a SYN packet, and it cannot be changed for that
    veritas-server-to-client connection, as it is part of the firewalls
    stateful inspection that applies to ALL connections.

    Any help would be greatly appreciated.
    Thanks,

    jimmy allan
    Network Security Engineer
    UNIX Support
    Dept Conservation & Land Management
    Western Australia

  2. Re: TCP out of state packets between client and server

    Are you using vnetd with the no callback option in NetBackup for going
    through the firewall? Is this version 5.x or higher of NetBackup?

    JR

    On Fri, 23 Sep 2005 15:45:33 +0800, jimmy wrote:

    >Hi All
    >
    >My veritas netbackup server is in my local network, and several of the
    >machines are in the DMZ, this means traffic has to pass through our
    >stateful firewall.
    >Every 2 weeks or so (randomly) a backup will fail because the server
    >attempts to send an out of state TCP packet, in that the first packet
    >isn't SYN.
    >
    >Normally i would accept that this is just a once off failed connection,
    >but the fact that this has happened on a number of occasions is putting
    >me off. We need these backups EVERY night!
    >The firewall is perfectly right to drop the connection if it isn't lead
    >with a SYN packet, and it cannot be changed for that
    >veritas-server-to-client connection, as it is part of the firewalls
    >stateful inspection that applies to ALL connections.
    >
    >Any help would be greatly appreciated.
    >Thanks,
    >
    >jimmy allan
    >Network Security Engineer
    >UNIX Support
    >Dept Conservation & Land Management
    >Western Australia



+ Reply to Thread