For normal operation, DS‑Client needs to establish a session with DS‑System on port 4401. If you have a firewall installed, ensure that DS-Client has access to port 4401.

In a standard firewall configuration there is an internal network interface (i.e. your LAN with the DS‑Client) and an external network interface (i.e. the Internet or WAN). The internal network is considered to be 'trusted', while the external network is 'not trusted'.

Connections with DS‑System are always initiated by DS‑Client. (A DS‑System never initiates a connection with DS‑Client.) Therefore, ensure that port 4401 is accessible by TCP protocol for the internal network interface.

If you do not use DHCP for the DS‑Client computer you can:

In summary, if you want full control of the DS‑Client from the GUI, enable port 4401 (TCP) with transparency, as well as port 4403 (TCP and UDP).

Most default firewall configurations provide transparency for users inside your firewall, but not for the users outside the firewall. A DS‑Client needs transparency for the connection with DS‑System. Therefore, you must either set transparency ON for the internal network interface, or allow the connection on port 4401 to be transparent. This will depend on the type of firewall you are using.

There is no need for transparency on the external network interface.

The basic configuration required to setup your firewall for DS‑Client activities (backup/restore) is to allow port 4401 for the TCP protocol.

Allow access to port 4403 (TCP and UDP) in addition to port 4401.

If the DS‑Client computer has more than one network interface (assuming the DS‑Client computer is running Windows) and has default gateways on each interface, then modify the routing table manually to include the network from which the DS‑User machine is connecting.

The nodes in a Grid DS-Client communicate with one another on port 4410. All nodes must be in the same domain, therefore an external firewall is unlikely to be an issue.

However, if a firewall is configured on any of the DS-Client nodes, make sure it does not prevent the DS-Client service from using port 4410. See “Grid DS-Client”.