Configuring Legato Networker Client under Windows XP Internet Connection Firewall or Windows Firewall

Internet Connection Firewall under Windows XP

The Windows XP Internet Connection Firewall (ICF) or Windows Firewall can be used to protect your computer from unsolicited network traffic. It operates in the background and only allows network traffic through to your computer if it determines that your computer initiated the contact. This poses a problem with the backup process which is initiated from the backup server. When it is time for your computer to be backed up, the server reaches out and contacts the Legato Networker client software that is installed on your computer. With the firewall turned on (enabled), this connection from the backup server is blocked because your computer did not initiate the backup request. To get around the firewall blocking the backup process, you need to open a hole in the firewall to allow the backup server to contact the Networker client software on your machine.

The process you follow is different depending upon which Windows Service Pack is installed on your computer. To determine which Service Pack you are running, Open My Computer and select "About Windows" under the Help pull-down menu. If a Service Pack has been installed, the version displayed with contain the text "Service Pack 1" or "Service Pack 2".

As with installing software, both of these operations must be conducted using an account with Administrator privileges.

 

Adding the Networker Client to the Windows Firewall exclusion list
(Windows XP Service Pack 2)

Step1: Find and launch the Windows Firewall program under the Control Panel

The Windows Firewall program is located under the Control Panel (Start-Control Panel). If you are not logged on with an account that has administrator rights on the workstation, you can use the "run as" option to switch into an administrative user for these steps: while pressing the shift key, right-click on the Windows Firewall icon and select "Run As..." and then use your local admin account credentials to launch the Windows Firewall control panel with the ability to modify the settings (below).

Step 2: Add the Networker client program to the Exceptions list.

On the Windows Firewall menu, select the Exceptions tab (below)

and click on "Add Program..." button and browse to the Networker client program executable (C:\Program Files\Legato\nsr\bin\nsrexecd.exe). Make sure you select nsrexecd.exe not nsrexec.exe.

 

Step 3: Set the scope of access for the nsrexecd.exe program

You need to set the scope of access that you will allow for the nsrexecd program (i.e. how far will you accept external connections). Click on the Change Scope... button and select the Custom List option.

In the space provided below the custom list, enter the IP address of the IST backup server: 129.97.129.70 and then click OK.

 

Step 4: Verify settings

Verify that nsrexed.exe is in the list of exceptions and is checked (below).

Click OK to close the Windows Firewall configuration program.

top

Open Networker Ports for remote access under ICF
(Windows XP Service Pack 1 or earlier)

Step 1: Launch the Network Connections Control Panel

To modify the Internet Connection Firewall settings under pre-Service Pack 2 versions of Windows XP, you must use the Network Connections Control Panel. This can be found under the Control Panels (Start-Control Panel). Find and double-click on the Network Connections icon.

 

Step 2: Configure the current network connection

You may have several different network connections. The Local Area Connection is likely the one that you are using. Any ICF-enabled Network Connection will have a little lock icon in the top right corner of the icon (see Local Area Connection below).

To edit the properties of the network connection, right-click on the icon and select the Properties option from the resulting popup menu (below).

The Properties menu (below) will appear for the network connection. This menu is used to configure the network connection.

 

Step3: Open the Firewall Settings menu

Verify that the Internet Connection Firewall is enabled (checked). To configure ICF you need to select the Advanced tab on the Properties menu (below), and click on the Settings... button.

 

 

In the Advanced Settings menu, there will be a list of default services that Microsoft has pre-configured for Windows XP (below).

Since Legato is not one of the services listed, it must be added to the list. Click on Add...

 

Step 4: Add the Legato Service ports to the list of firewall services

The Service Settings menu will appear (below). It is here that you add a service and open a hole in the firewall to allow unsolicited traffic to a specific network port on your computer.

The IST backup server for the workstation backup service is called "hoover". It will need to be able to contact your computer on three TCP ports (7937, 7938 and 7939). You cannot enter a range of port numbers so you will need to make three service entries (one for each port). The name isn't significant but you should choose something that will remind you of its purpose. In the examples below, the name is simply "Legato Networker" and the port number; the remote server is "hoover.uwaterloo.ca" (required) and the TCP port numbers are 7937, 7938 and 7939 (required).

 

 

 

Step 5: Verify the ICF settings

When you are done, you should have three entries in the Services list that will allow the IST backup service (Legato Networker) to access your computer from the server hoover on TCP ports 7937, 7938 and 7939 (below). Ensure that the three services are enabled (checked).

Click OK to dismiss the Advance Settings menu and then click OK on the network connection properties menu.

 

Step 6: Launch Networker Administrator

ICF will now allow the backup service to contact your computer using three different TCP ports. By default, Legato Networker is not limited to these three ports but will attempt to use ports ranging from 7937 to 9936 (which is simply too many entries to enter in the ICF services list!). The next step is to limit the Networker software to the three TCP ports entered in the ICF services list (7937, 7938 and 7939). To do this, you need to launch the Networker Administrator program which was installed when you installed the Networker software. To launch the Networker Administrator, click on Start-All Programs-Legato Networker-Networker Administrator (below)

 

Step 7: Start the Port Configuration module

Select "Configure Ports..." under the Options pull-down menu of the Networker Administrator (below).

You will be prompted to enter the name of the client computer that you want to configure. Since it is the local computer, simply click OK without entering a name (below)

 

Step 8: Modify the Service Ports to 7937-7939

The default ports will be listed (below).

Modify the Service Ports to read: 7937-7939 (below) and click OK.

 

Step 9: Exit Networker Administrator To exit/close the Networker Administrator, select the Exit option from the File pull-down menu.

top