HP StorageWorks Storage Mirroring Virtual Recovery Assistant user's guide (T2558-96323, April 2009)
9 - 1
Using Firewalls
If your source and target are on opposite sides of a NAT or firewall,
you will need to configure your hardware to accommodate Storage
Mirroring Virtual Recovery Assistant communications. You must
have the hardware already in place and know how to configure the
hardware ports. If you do not, see the reference manual for your hardware.
In a NAT or firewall environment, you must have a static mapping where a single, internal IP address
is always mapped in a one-to-one correlation to a single, external IP address. Virtual Recovery
Assistant cannot handle dynamic mappings where a single, internal IP address can be mapped to any
one of a group of external IP addresses managed by the router.
Virtual Recovery Assistant ports
By default, Storage Mirroring uses port 6320 for all communications.
You will also need to verify that port 6330 is open for Storage Mirroring Virtual Recovery Assistant
communications.
Virtual Recovery Assistant uses ICMP pings to monitor the source for failover. A failover monitor will
not be created if ICMP is blocked (although the data and system state will still be protected). You
should configure your hardware to allow ICMP pings between the source and target. If you cannot,
you will have to monitor for a failure manually and create a dummy monitor at failover time that can
be manually failed over. Contact technical support for assistance with this manual process.
Microsoft Windows ports
Virtual Recovery Assistant uses WMI (Windows Management Instrumentation) which uses RPC
(Remote Procedure Call). By default, RPC will use ports at random above 1024, and these ports must
be open on your firewall. RPC ports can be configured to a specific range by specific registry changes
and a reboot. See the Microsoft Knowledge Base article 154596 for instructions.
Virtual Recovery Assistant also relies on other Microsoft Windows ports.
Microsoft File Share uses ports 135 through 139 for TCP and UDP communications.
Microsoft Directory uses port 445 for TCP and UDP communications.
These ports must be open on your firewall. Check your Microsoft documentation if you need to modify
these ports.
Hardware ports
You need to configure your hardware so that the Virtual Recovery Assistant and Microsoft Windows
ports are open. Since communication occurs bidirectionally, make sure you configure both incoming
and outgoing traffic.
There are many types of hardware on the market, and each can be configured differently. See your
hardware reference manual for instructions on setting up your particular router.