+1 for proxy, in particular to use the backup server.
The repo is the biggest target for attack, and we need to have it accessible to all the agents, on ports 2500-3300? We use stateless ACLs on a system that does not allow port ranges to be specified, so we would need an ACL entry for each port, each way, for each of the 5 agents we're backing up. Thousands of ACLs. Madness.
Why can't we proxy it through the backup server, so only it needs to talk to the repo? Is there a technical reason this is difficult, or is it seen as not needed?
At the very least, allow us to specify the range of ports needed, which would let me create a job for each agent and specify the port for that job. Two ACL entries for each agent beats 1600.
The repo is the biggest target for attack, and we need to have it accessible to all the agents, on ports 2500-3300? We use stateless ACLs on a system that does not allow port ranges to be specified, so we would need an ACL entry for each port, each way, for each of the 5 agents we're backing up. Thousands of ACLs. Madness.
Why can't we proxy it through the backup server, so only it needs to talk to the repo? Is there a technical reason this is difficult, or is it seen as not needed?
At the very least, allow us to specify the range of ports needed, which would let me create a job for each agent and specify the port for that job. Two ACL entries for each agent beats 1600.
Statistics: Posted by bretth — Mar 06, 2025 11:27 pm
/english-betterindia/media/post_attachments/uploads/2022/05/Sustainable-home-10-1651667432.jpg)
