Saturday, February 11, 2012

Allowing NetApp SnapMirror through a firewall

During a recent NetApp Snapmirror implementation we had a tremendous time getting SnapMirror to work.  After much troubleshooting we discovered that it was due to ACL’s on the customer switches.  After a bit of digging I discovered NetApp Technical Report 3326, which details the firewall configuration required.  It’s a bit TL;DR, so I’ve condensed it for you.
TCP Ports used by NetApp SnapMirror
  • TCP 10566 (Source System binds on this port)
  • TCP 10569 (Source system listens on this port)
  • TCP 10565 (If using multipath, this is what the destination System listens on)
  • TCP 10565, 10567, 10568 (Destination System listens on these ports)
  • Just open TCP 10565 – 10569 bi-directional and be done with it (if you can get away with it)
So, dear Network Mechanics, ensure that the above is allowed through your switch ACL’s and firewalls and make a storage admin happy!