Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. Veritas NetBackup™ Administrator's Guide, Volume I
  5. Section IX. Administering NetBackup
  7. Using the NetBackup Remote Administration Console
  9. Run-time configuration options for the NetBackup Administration Console
  11. FIREWALL_IN
Veritas NetBackup™ Administrator's Guide, Volume I

FIREWALL_IN

The FIREWALL_IN configuration option provides a method to use a NetBackup Administration Console that is outside of a trusted network to administer the NetBackup master servers that are within a trusted network.

This option uses the following format.

On Windows:

SET FIREWALL_IN=
HOST1:PORT1=HOST2:PORT2;IP_ADDR1:PORT3=IP_ADDR2:PORT4
SET FIREWALL_IN >> "%NBJDIR%"\nbjconf

On UNIX:

FIREWALL_IN= HOST1:PORT1=HOST2:PORT2[;...;HOSTn:PORTn=HOSTm:PORTm]

Where HOST is a host name or an IP address.

This configuration option provides a way to allow administrators to bypass the firewall by using one of the following methods:

  • Enter the port number of the bpjava service in the trusted internal network. Then, map the private interface where the bpjava service runs to a public interface that can be reached from outside the firewall.

  • Set up a Secure Shell (SSH) tunnel from the local host to the system inside the firewall.

In the following example:

  • Master server NBMaster.abc.com is in a trusted network, behind a firewall.

  • The IP address of NBMaster.abc.com is 10.221.12.55.

  • The NetBackup Administration Console is installed on localhost.

  • SSH tunnels exist from localhost to NBMaster.abc.com as follows:

bpjava-msvc port (default 13722)

localhost:port1

vnetd port (default 13724)

localhost:port2

pbx port (default 1556)

localhost:12345

Where localhhost is the host name and port1 is the IP port.

To make relevant changes for connections to bpjava-msvc and vnetd, see the following topic:

See VNETD_PORT.

On Windows systems, use setconf.bat to add the option:

SET FIREWALL_IN=
NBMaster.abc.com:1556=localhost:12345;10.221.12.55:12345=localhost:12345
SET FIREWALL_IN >> "%NBJDIR%"\nbjconf

On UNIX systems, add the following line to the nbj.conf file:

FIREWALL_IN=NBMaster.abc.com:1556=localhost:12345;10.221.12.55:12345=localhost:12345

The entry indicates the following:

  • The connection to NBMaster.abc.com:1556 is to be redirected to localhost:12345.

  • The connection to 10.221.12.55:1556 is to be redirected to localhost:12345.

Note:

The same options are used if NBMaster.abc.com has a public interface (NBMasterpub.abc.com) that can be reached from the Internet. In this case, the administrator replaces localhost with NBMasterPub.abc.com.

Feedback

Was this page helpful?
Previous

Run-time configuration options for the NetBackup Administration Console

Next

FORCE_IPADDR_LOOKUP

Feedback

Was this page helpful?