Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Read this first for secure communications in NetBackup
  7. How communication happens when a host cannot directly connect to the master server
NetBackup™ Security and Encryption Guide

How communication happens when a host cannot directly connect to the master server

In a demilitarized zone (DMZ), NetBackup clients may not be able to directly send requests (for certificate deployment and so on) to the master server. The HTTP tunnel on the media server is used to accept the web service requests sent by the client hosts and forward them to the master server. The configuration of the HTTP tunneling is automatic and no setup is required. The NetBackup client and the media server must be 8.1 or later for HTTP tunneling to work.

Irrespective of the certificate deployment security level that is set on the master server, you require an authorization token to deploy a NetBackup CA-signed certificate on a host in a demilitarized zone.

See About the communication between a NetBackup client located in a demilitarized zone and a primary server through an HTTP tunnel.

Feedback

Was this page helpful?
Previous

How revocation lists work for external certificates

Next

How NetBackup 8.1 or later hosts communicate with NetBackup 8.0 and earlier hosts

Feedback

Was this page helpful?