Please let us know the bi-directional port that needs to opened from client to server and vice versa.
We have clients which are having telnet issue as we are not able to telnet them from backup server to destination over 7937 and 7938 ports. Although telnet is working from destination to source. There is no firewall involved for backup server also.
the backupserver needs to be able to contact a client on the whole NW service port range 7937-9936 as stated in the NW security config guide (picture is from the NW19.5 guide).
You can restrict the port range for clients to a lower amount, suing the nsrports command. But this would be reset again to its default range of 7937-9936 again if for example cleaning up the nsrla contents on client end (which OS admins tend to do way too often to "solve" backup issues, causing new ones along the way as the nsr peer information on the NW server for the client would no longer be valid anymore *SIGH*). We take it pretty much for granted that the nsrport range is rather large and wide, even though some admins would reduce it themselves nonetheless. SO if and when reducing the amount of ports with nsrports, to be able to use a reduced set of ports to be opened on a FW, you'd have to make sure that this reduced portrange is always set correctly on the client, NW storage node and/or NW server. The security guide gives some calculations of what is minimally required.