You are here: Using firewalls

Using firewalls

Double-Take Move can be used over a wide area network (WAN) through firewalls, but it does not support Network Address Translation (NAT) configurations.

If your servers are on opposite sides of a firewall, you will need to configure your hardware to accommodate Double-Take Move communications. You must have the hardware already in place and know how to configure the hardware ports. If you do not, see the reference manual for your hardware.

Double-Take Move ports

Double-Take Move port information is stored in configuration files. By default, ports 6320, 6325, 6330, and 6340 are used. If desired you can modify some of these ports. However, not all of the ports can be modified.

If you have to modify which ports are used, you will have to modify two configuration files. Be careful when modifying these configuration files. If you modify them incorrectly, Double-Take Move may no longer work correctly.

  1. Open the file JobMgr.dll.config in your Double-Take Move installation directory. By default, this is \Program Files\Vision Solutions\Double-Take Move. You may need to associate the .config file extension with Notepad or another text editor.

  2. Locate the following lines near the top of the configuration file.

    <add key="IdentificationPort" value="6320"/>

    <add key="FallbackIdentificationPort" value="1100"/>

    <add key="LivewirePort" value ="6340"/>

    <add key="VRAPort" value="6330"/>

  3. Change the port numbers as necessary. Do not change any other information.
  4. Save the configuration file.
  5. Repeat steps 1 through 4 with the file DTMove.exe.config, using the same port numbers for each key as you used in the JobMgr.dll.config file.
  6. Repeat steps 1 through 5 for each Double-Take Move server. The ports must match between all Double-Take Move servers and clients.
  7. If you changed the IdentificationPort in the configuration files, you must also change a port in the Replication Console.
    1. Select Start, Programs, Double-Take , Double-Take Replication Console.

    2. Locate your server in the server tree in the left pane of the Replication Console.

      If your server is not listed, select Insert, Server. Type the machine name or IP address and click OK.

       

    3. Double-click the server to log on to it.
    4. Right-click the server in the left pane of the Replication Console and select Properties.
    5. On the Network tab, modify the Communications Port to match the IdentificationPort in the configuration files.
    6. Click OK.
    7. Repeat steps b through f for all of your Double-Take Move servers.

All of your Double-Take Move servers and clients must have the same port configuration.

Microsoft Windows ports

Double-Take Move will use WMI (Windows Management Instrumentation) which uses RPC (Remote Procedure Call). By default, RPC will use ports at random above 1024, and these ports must be open on your firewall. RPC ports can be configured to a specific range by specific registry changes and a reboot. See the Microsoft Knowledge Base article 154596 for instructions.

Double-Take Move also relies on other Microsoft Windows ports.

These ports must be open on your firewall. Check your Microsoft documentation if you need to modify these ports.

Other ports 

Connections to an ESX host require port 443. The port must be open for the duration of the job (creation and failover). Port 443 can be closed temporarily, but be aware that job creations and failovers will not occur. When the port is reopened, normal Double-Take Move functionality resumes.

Hardware ports

You need to configure your hardware so that all of the above ports for both Double-Take Move and Microsoft Windows are open. Since communication occurs bi-directionally, make sure you configure both incoming and outgoing traffic.

There are many types of hardware on the market, and each can be configured differently. See your hardware reference manual for instructions on setting up your particular router.