none
DPM 2010 Port Requirements - How Can I Get Around DCOM Port Range?

    Question

  • Dynamic Ports DPM 2010

    I have a problem backing up my DPM 2012 clients in a DMZ. I've read the DPM port guide here:

    http://technet.microsoft.com/en-us/library/hh757794.aspx

    The top part is causing me an issue. From my firewall logs I've noticed the DPM server and client talk on random DCOM ports ranging from 1024 to 65,535. Worse than that, the random port communication occurs in both directions.

    Currently for specific hosts, I've enabled these ports and can now get DPM backups to work, but this strikes me as crazy - how can I get DPM 2012 and Windows client servers to operate over an acceptabe port range? Leaving ports 1024 to 65, 535 open permanently is not an option.

    Thanks


    IT Support/Everything

    Monday, July 22, 2013 6:35 PM

All replies

  • Hi,

    The following technet site states DMZ protection is not supported.

    Security Considerations for Protecting Computers in Workgroups or Untrusted Domains
    http://technet.microsoft.com/en-us/library/hh757954.aspx

    Although DPM does not block it, and technically it can work, but we don't support protecting servers in a DMZ for security reasons. Using certificate based authentication is best if you decide to pursue.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, July 22, 2013 6:49 PM
    Moderator