About controlling network access of the NetBackup web API
The network access control option provides an additional security layer that restricts access to the NetBackup web APIs based on IP addresses. This option ensures that only trusted networks can interact with the NetBackup web APIs. By enabling this option with the NetBackup web UI or API, you can specify IP addresses or IP address ranges that can or cannot access web APIs.
By default, none of the IP addresses can access NetBackup APIs. You must add them in network access control configuration to have the access.
The network access control feature is not supported in NetBackup Flex Scale.
All user interactions that use NetBackup web APIs are impacted by the network access control feature. Such as:
IT Analytics and database agent hosts that are used to generate reports
Scripts that are invoked by hosts using API key, commands, and NetBackup Administration Console
System-originated interactions (by NetBackup client, media server, or primary server) that use machine certificates to interact with web service API are not impacted by the network access control feature.
Interaction of NetBackup primary server with Alta View is not impacted by the network access control feature because the primary server establishes an outbound connection with the Alta View server.
Classless Inter-Domain Routing (CIDR) or IP address range
CIDR - Is a way to specify a range of IP addresses with a single entry instead of listing each address one by one. For example:
192.168.1.0/24
fd00:abcd:1234::/48
Allowed IP addresses or IP address ranges
These IP addresses or the IP addresses in these ranges are allowed to access the web service.
Denied IP addresses or IP address ranges
These IP addresses or the IP addresses in these ranges cannot access the web service.
Note:
After you enable the network access control option, your IP address must be added and saved.
Check the IP addresses or ranges that are denied the access. The 'Deny' action takes precedence over the 'Allow' action.
Check if the IP address is part of denied IP addresses or IP address ranges.
Check if the IP address is part of allowed IP addresses or IP address ranges.
If the IP address is neither part of the denied list nor allowed list, the access is denied.