Learn more

What if I have a firewall?

In most cases our software interacts well with firewalls, resulting in no problems for the average user. However, depending upon the type of firewall you have in place, you may need to choose the correct firewall option in our software and / or make some configuration changes to the firewall itself.

It is simplest to begin by assuming you do not have a firewall during the installation process, selecting the appropriate option. If this allows you to connect to the internet and register your account at our data centres, then you have nothing more to do.

If you are using a personal firewall, you may simply have to configure the firewall to allow our software to access the internet. There are numerous types of personal firewalls on the market, but it is usually a straightforward process.

If you have a more sophisticated firewall or are using the software inside an office network, you may need to get your firewall administrator to change its settings. This is potentially a more complex process and you will have to provide your administrator with the following details in order for the correct changes to be made:

Detailed Firewall Information: Overview
Protocols
Server Subnets
Port Numbers
DNS
Registration vs. subsequent connections
SOCKS-Compliant Proxy Servers
Other Proxy Firewalls
Packet Filtering Firewalls
 

The Backup Direct™ software communicates with the Backup Direct™ secure Data Centres using the standard TCP/IP protocol.

Connections are initiated from the backup software on your computer or inside the firewall. Connections are NEVER initiated from the outside.

The program can work with all types of firewalls, including packet-filtering, circuit-filtering, SOCKS-compliant Proxy or Mapped Proxy firewalls. For most firewalls, some configuration of the firewall is needed. If your network requires explicit connection to the firewall to initiate outgoing connections, the Data Protector software must be configured for your firewall. You can configure it yourself using our client software configuration tool.

The requirements for running Backup Direct™ service are consistent with security best practices. They do not create an opening for incoming connections, and outgoing connections can be limited to specific ports at specific known IP addresses. As an added security measure, all data is Triple-DES encrypted before leaving your PC; it remains encrypted though transmission, and is stored encrypted at the Backup Direct™ secure Data Centres.

The following information is useful for configuring a firewall to permit outgoing connections to the Data Centre servers.

TCP/IP is used. There is no use of UDP or ICMP.

Each user's Backup Direct™ software connects to a primary and an alternate server in order to provide high availability. Currently, all servers reside in the following subnets:

• 193.239.112.0 through to 193.239.112.254
• 193.239.113.0 through to 193.239.113.254

The Backup Direct™ software must have access to these subnets. Should these addresses change in the future, notice will be given to allow firewall changes and the Backup Direct™ software can be automatically updated with the new addresses.

All Backup Direct™ servers listen for client requests on a well-known port number: 16384. The Backup Direct™ software always establishes a TCP/IP session with port 16384 on the server.

The Backup Direct™ software connects to a server using the server's IP address, not its name. Therefore, name resolution and access to a name server are not required.

The Backup Direct™ software is configured to connect to one of a pair of registration server addresses (primary and alternate) when it is used for the first time. The registration process assigns a server address pair (primary and alternate) for all subsequent uses.

The Backup Direct™ software can be configured to connect out through a SOCKS proxy server. The IP address (or the DNS) of the proxy server and the port number on which it listens for connections must be known in order to configure the backup software. SOCKS is designed to allow outgoing connections and responses back to those connections, but to prevent other incoming packets. This is consistent with the Backup Direct™ software. If your SOCKS proxy server has been set up with additional restrictions on outgoing connections, it is necessary to include Backup Direct's subnets in the permitted destinations.

When prompted by the Backup Direct™ setup program to select a Firewall option, select the, "Use SOCKS proxy firewall" radio button and enter your proxy server information.

Note: The default setting for SOCKS TCP Port is 1080.

In order for the Backup Direct™ software to be used with an application-based proxy firewall server, the firewall must be set to permit outbound TCP connections for a generic application. Mapped firewalls require a separate port on the firewall for each different destination address.

The IP addresses that must be mapped will appear when you attempt to run the client software, or can be seen by selecting Options/Connection.../Firewall in the client software. The destination port number is always 16384. The firewall administrator may choose any available port numbers on the firewall. Finally, the Backup Direct™ software must be configured with the IP address or the DNS of the firewall and the firewall port numbers that were chosen.

When prompted by the Backup Direct™ software to select a Firewall option, select the, "Use proxy firewall server(s)" radio button. Then enter the firewall mapping that was configured on your firewall: Enter the IP Address or DNS of your firewall into the "Firewall IP address" field; for both Secure Data Centres enter the port numbers chosen by the firewall administrator.

The following is a summary of rules that must be applied to the firewall software or hardware in order to enable Backup Direct™'s client-server protocol. (All the rules are described from the 'firewall's point of view.')

• Permit TCP/IP outbound to port 16384 to subnets 193.239.112.0 through to 193.239.112.254 and 193.239.113.0 through to 193.239.113.254
• If your firewall requires you to explicitly permit the response packets to come back, do so by permitting TCP/IP inbound to ports 1024-5000 from the subnets listed above, for an already-established connection. It is NOT necessary to permit a connection originating from outside the firewall.
• We do not utilize UDP or ICMP.

Learn More

What is online backup?

How does online backup work?

Who uses online backup?

What are the benefits of online backup?

Which package is for me?

Is it secure and where is my data?

What if I have a firewall?

How long does a backup take?

Are the prices fixed or will they vary by usage?

How do I sign up and pay?

What if I have a problem or need help?

How do I cancel my account?

Who is Backup Direct™?