Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section IX. Managing security
  7. Configuring network control access of NetBackup web API
  9. About controlling network access of the NetBackup web API
NetBackup™ Web UI Administrator's Guide

About controlling network access of the NetBackup web API

The network access control option provides an additional security layer that restricts access to the NetBackup web APIs based on IP addresses. This option ensures that only trusted networks can interact with the NetBackup web APIs. By enabling this option with the NetBackup web UI or API, you can specify IP addresses or IP address ranges that can or cannot access web APIs.

Important notes

  • By default, none of the IP addresses can access NetBackup APIs. You must add them in network access control configuration to have the access.

    See Configure the network access control option.

  • The network access control feature is not supported in NetBackup Flex Scale.

  • All user interactions that use NetBackup web APIs are impacted by the network access control feature. Such as:

    • IT Analytics and database agent hosts that are used to generate reports

    • Scripts that are invoked by hosts using API key, commands, and NetBackup Administration Console

  • System-originated interactions (by NetBackup client, media server, or primary server) that use machine certificates to interact with web service API are not impacted by the network access control feature.

  • Interaction of NetBackup primary server with Alta View is not impacted by the network access control feature because the primary server establishes an outbound connection with the Alta View server.

Network access control terminology

Classless Inter-Domain Routing (CIDR) or IP address range

  • CIDR - Is a way to specify a range of IP addresses with a single entry instead of listing each address one by one. For example:

    192.168.1.0/24

    fd00:abcd:1234::/48

  • Allowed IP addresses or IP address ranges

    These IP addresses or the IP addresses in these ranges are allowed to access the web service.

  • Denied IP addresses or IP address ranges

    These IP addresses or the IP addresses in these ranges cannot access the web service.

How the network access control option decides providing access

Note:

After you enable the network access control option, your IP address must be added and saved.

  • Check the IP addresses or ranges that are denied the access. The 'Deny' action takes precedence over the 'Allow' action.

  • Check if the IP address is part of denied IP addresses or IP address ranges.

  • Check if the IP address is part of allowed IP addresses or IP address ranges.

  • If the IP address is neither part of the denied list nor allowed list, the access is denied.

Feedback

Was this page helpful?
Previous

Configuring network control access of NetBackup web API

Next

Workflow to configure network access control for NetBackup web service

Feedback

Was this page helpful?