Veritas NetBackup support for Network Address Translation and Port Address Translation

Article: 100004694
Last Published: 2021-03-01
Ratings: 0 0
Product(s): NetBackup

Problem

NetBackup 8.1.2.1 and older versions, to provide full functionality, must be able to reliably connect to the same remote host using the same configured hostname at all times, and also be able to reliably distinguish the host from which an inbound connection originated based on the source IP address.

Accordingly, before NetBackup 8.2, Veritas does not formally support any NetBackup configuration which involves a NetBackup server or client host separated from other NetBackup hosts by a network device performing Network Address Translation (NAT) or Port Address Translation (PAT).

NetBackup 8.2 adds a NAT feature to NetBackup (NB-NAT), for support of client hosts in those types of environments.  NetBackup 8.3 extends the NB-NAT feature to include media servers.
 

Solution

For NetBackup 8.2 or newer client hosts, see 'Enabling NetBackup to support NAT clients' in the Veritas NetBackup Administrator's Guide, Volume I, and also 'NetBackup feature support in NAT environment'.

For NetBackup pre-8.2, Veritas does not support and recommends against the use of NAT or PAT as follows.

  • The use of PAT or dynamic NAT introduces data security risks and other failures due to the inability to uniquely and consistently identify a remote host by IP address.
  • The use of static NAT, where there is a predetermined one-to-one mapping of IP addresses, may allow scheduled backups that only use legacy connections to function normally, but is not supported because other operations may fail.  Further, attempts to resolve outside hostnames to inside global IPs may expose those sensitive IP addresses and hostnames to unintended observers.

If it is necessary to restore data to a target client on the other side of a NAT gateway, restore the files to a staging client where NAT is not involved and then transfer the files to the target host using FTP or other means.

Final Caution:

Some NetBackup pre-8.2 operations may appear to function correctly when using NAT or PAT.  But functionality is limited, the authenticity of a remote host and therefore data security is not guaranteed, and attempts to work-around NAT may expose critical host information.  Therefore, support is not extended to these environments.

Was this content helpful?