Important notes

Review the following notes while you enable support for NAT clients in NetBackup.

You must provide an authorization token during NetBackup certificate deployment on a NAT client, irrespective of the certificate deployment security level that is set on the master server. This is required because the master server cannot resolve the client host name that is part of the certificate deployment request to the NAT device's IP address from which the request appears to be coming.
Automatic host ID-to-host name mapping is disabled for NAT clients. A NAT client should be referenced in backup policies and NetBackup commands using the host name that is already mapped to its host ID. The initial hostname mappings are established for a client during NetBackup certificate deployment or external certificate enrolment. If you want a NAT client to use an alternative name for connection, you have to manually map the required host names using the Host Management node.
In a NetBackup domain that comprises application hosts such as SharePoint, Microsoft Exchange server, or Application Clusters, the application host name or data availability group (DAG) name may be different than the one that is used during NetBackup client installation. In some cases the Fully Qualified Domain Name (FQDN) of the host is used during NetBackup client installation. Therefore, connection between the NetBackup server and the client (or application host) may fail. To resolve this issue, map both the names of the NetBackup client using the Host Management node.

For more details on the security certificates and certificate deployment levels, refer to the NetBackup Security and Encryption Guide.