Firewall Configuration for Use with Agents

The LiveVault Online Backup Service Agent uses a fixed TCP port to communicate with the LiveVault Internet Gateway (LVIG).

When you install LiveVault Online Backup Service Agent software on your server, a port selection utility in the Health Check utility (lvhealth) tests whether the LiveVault Online Backup Service Agent can communicate with its predetermined Primary and Backup LVIGs.

To determine which TCP port to use for communication, the utility attempts to connect from the LiveVault Online Backup Service Agent to both LVIGs using the ports listed in the following table (in the sequence shown, i.e., 2147 is always tested first) :

Port Number	Port Name
2147	LiveVault Tunnel
554	RealPlayer/Quicktime RTSP
1090	RealPlayer PNA
1720	H.323 (streaming video)
1755	Windows Media Player
1503	T.120 (white board conferencing)
7070	RealPlayer (Alt)
1863	MSN Messaging
5190	AOL Instant Message
443	HTTP (SSL)
636	LDAP (SSL)
389	LDAP (directory service)
80	HTTP (web)
25	SMTP (mail)
119	NNTP (news)
123	NTP (time service)

The utility tests ports until it is able to connect with both the LVIGs. Typically the same port is able to be used to connect with both LVIGs. However, it is possible for your firewall rules to result in different ports being used.

The utility then records into the LiveVault Online Backup Service Agent's registry the port number, along with the corresponding Primary and Backup LVIG IP address.

The TCP port is fixed, unless you change it by doing one of the following:

Manually editing the port information in the LiveVault Online Backup Service Agent's registry (see the section Registry Entry for Fixed TCP Ports below).
Reinstalling the LiveVault Online Backup Service Agent, during which the Health Check utility runs again and may identify a different port to use.
Manually running the Health Check utility (lvhealth) which may identify a different port to use.

If your LiveVault Online Backup Service Agent is not able to connect with either of its LVIGs, your firewall may be the source of the problem. If your firewall is the problem, then you must modify your firewall to allow the LiveVault Online Backup Service Agent to establish a session with its LVIGs.

Each firewall will have specific details that will need to be addressed by the system administrator. However many firewalls rules are composed in a format similar to the following:

Source	Destination	Service/Port	Action
LVA IP Address	Primary & Backup LVIG IP Addresses	TCP 2147	Permit

Registry Entry for Fixed TCP Ports

To view or edit the fixed TCP ports for an LiveVault Online Backup Service Agent, run regedit on the LiveVault Online Backup Service Agent and do the following:

Go to HKEY_LOCAL_MACHINE\SOFTWARE\LiveVault Corporation\LiveVault.net\LVRT\Static Route.
Look at the values for PrimaryTunnelPort and BackupTunnelPort.

Proxy Firewalls

LiveVault Online Backup Service Agents and LVIGs cannot communicate through a Proxy firewall. However, many Proxy firewalls can be modified to allow access.

If you have Proxy servers, contact Customer Service. If you are running Microsoft Proxy Server 2.0 or ISA 2000, also see Microsoft Proxy Server 2.0 or Internet Security and Acceleration (ISA) Server 2000.