Connectivity Issues Caused by Firewalls

After you download Backup for Workgroups and you are working on getting your installation in working order, you may find that your Backup Clients cannot connect to the Data Repository.  When this happens, the most common cause is a firewall or some other security program that is blocking TCP/IP traffic.

Why does this problem occur?

When this happens, the most common cause is a firewall or some other security program (like antivirus software) that is blocking TCP/IP traffic.

• Backup for Workgroups uses TCP/IP for communication between the Data Repository and the Backup Clients
  
  Backup for Workgroups is a client/server product. The Data Repository (the server side in Client/Server) receives the backup data from the Backup Clients (the client side in Client/Server).  This data is transmitted from the Backup Clients to the Data Repository in TCP/IP.
• Firewalls are designed to BLOCK TCP/IP traffic
  
  Firewalls are designed to block TCP/IP traffic to prevent malicious or unintended traffic from entering your network.  If you have a firewall, it will block the communication between the Backup for Workgroups Data Repository and the Backup Clients.

How can I fix this problem?

You need to review your firewall settings and make sure that program allows for communication between the Backup for Workgroups software components.  Read below for the steps you need to follow in order to allow for proper communication between the Backup for Workgroups software components.

You need to configure your Firewall to ALLOW for communication between the Backup for Workgroups Data Repository and Backup Clients

The steps you need to take to allow TCP/IP traffic between the Backup for Workgroups components are going to be dependent upon the type of Firewall that you have installed on your computers.  But, in general, you will need to:

1. SERVER SIDE.  The Data Repository Manager opens Port 2125 to receive data from your Backup Clients.  As a result, you need to make sure that your Firewall allows for TCP/IP traffic to the Data Repository Manager computer.  Open Port 2125 on the Firewall protecting the Data Repository Manager computer to allow for TCP/IP Port 2125 inbound to communicate with the Data Repository Manager.
2. CLIENT SIDE.  The Backup Clients communicate with the Data Repository Manager outbound.  The Backup Clients do not open any Ports.  If your Firewall allows all communication outbound, then you do not need to change any Firewall settings at the Client side.  If the Firewall on the Backup Clients BLOCKS TCP/IP outbound, then you will have to allow Port 2125 outbound at the Firewall protecting the Backup Client computers.

Windows XP and 2003 Built-In Firewall Information
We have provided instructions about how to open Port 2125 at the Data Repository Manager when you are using the built-in Firewall inside Windows XP Service Pack 2 and/or Windows 2003.  If you are using a different Firewall to protect the Data Repository Manager, please consult the manufacturer's instructions for information about how to open Port 2125 for inbound TCP.

If you are using Windows XP Service Pack 2, Windows normally activates the Firewall for you.  So the default is for the Firewall to be ON.

If you are using Windows 2003 Service Pack 1 or higher, Windows normally does not activate the Firewall.  So the default in this scenario is that the Firewall is OFF.

After you download Backup for Workgroups and you are working on getting your installation in working order, you may find that your Backup Clients cannot connect to the Data Repository.  When this happens, the most common cause is a firewall or some other security program that is blocking TCP/IP traffic.

How to Open Port 2125 on the Built-In Firewall with Windows XP and/or Windows 2003

Step 1: Open the Windows Security Center main panel. You can find it under: Start > All Programs > Accessories > System Tools > Step 2: Click on Windows Firewall Step 3: On the Windows Firewall dialog box, select the "General" tab. Make sure that the Windows Firewall is selected to be "On", and the "Don't allow exceptions" box is unchecked.   Step 4: On the Windows Firewall dialog box, select the "Exceptions" tab. You will see that Backup for Workgroups is not listed as a program that can accept incoming network connections. To add Backup for Workgroups to the list, press the Add Port button.   Step 5: On the Add a Port dialog box, fill in the Name field with "Backup for Workgroups Data Repository Manager" and fill in the Port Number field with "2125". Make sure the radio button is on "TCP". Press OK to save this setting. Step 6: When you return to the Windows Firewall dialog box, you should see the Backup for Workgroups Data Repository Manager listed as an exception. Press OK to save your changes. The Data Repository Manager will now be able to accept inbound TCP/IP network connections from the Client computers. Press OK to save your changes.           Data Repository Running as an Application If you have the Data Repository running as an Application, you may see an on-screen dialog informing you that the Data Repository wants to receive connections and would you like to make an exception to allow this?  You should press the Unblock button, and the Backup for Workgroups Data Repository Manager will be allowed to receive inbound TCP/IP connections from the Client computers.    Return to the main Backup for Workgroups Support Page   Step 1: Press the Unblock button to instruct the Microsoft Firewall to allow the Backup for Workgroups Data Repository computer to accept inbound TCP/IP network connections (from a Client computer).