Important notes
Review the following notes while you enable support for NAT hosts in NetBackup.
Replication target host should be reachable from the source media server.
Deduplication from the media server in a public network to a private network is not supported, however the reverse is supported.
Optimized duplication does not work for communication between a NAT media server and a media server in a public network. This is because the deduplication engine does not support a reverse connection.
However, if a NAT host is used as a replication target host for both media servers, optimized duplication works.
In case of Windows platform, ensure that the 8dot3 name file setting is enabled for the volume where NetBackup primary server software will be installed. The fsutil command is used to enable the required file setting.
Refer to the following article: Fsutil 8dot3name
You must provide an authorization token during NetBackup certificate deployment on a NAT host, irrespective of the certificate deployment security level that is set on the primary server. This is required because the primary server cannot resolve the client host name that is part of the certificate deployment request to the NAT device's IP address from which the request appears to be coming.
Automatic host ID-to-host name mapping is disabled for NAT hosts. A NAT host should be referenced in backup policies and NetBackup commands using the host name that is already mapped to its host ID. The initial hostname mappings are established for a host during NetBackup certificate deployment or external certificate enrolment. If you want a NAT host to use an alternative name for connection, you have to manually map the required host names using the Security > Host mappings node.
In a NetBackup domain that comprises application hosts such as SharePoint, Microsoft Exchange server, or Application Clusters, the application host name or data availability group (DAG) name may be different than the one that is used during NetBackup installation. In some cases the Fully Qualified Domain Name (FQDN) of the host is used during NetBackup installation. Therefore, connection between the NetBackup server and the client (or application host) may fail. To resolve this issue, map both the names of the NetBackup client using the Security > Host mappings node.
For more details on the security certificates and certificate deployment levels, refer to the NetBackup Security and Encryption Guide.