Avamar (AVE) and NAT

I am using avamar where the nodes sit behind a NAT, with firewall rules allowing outbound and inbound, and clients across the Internet that are behind a NAT or PAT. There is no inbound Internet access to the clients, but the clients can get out to the Internet. This is typical of someone with a laptop or traveling machine that uses Internet access at a hotel, or from home, or any device using a firewall that shares an internet conenction with multiple machines.

With this configuration you will not be able to browse the client from the MCS. You will also not be able to register the client from the MCS. This is because the avamar system has no way to contact the client as there is no network path inbound to that client. You can still backup the client, as well as initiate backups from the MCS.

The steps I used are: Make sure the avamar system is setup with the correct nat address mappings. You can use the nodedb print command to verify these settings from the utility node.

Create a avtar.cmd in the avs/var folder on the client where the agent is installed that contains the line

--hfsaddr=NATIP of the avamar utility node. This is the IP of the avamar system that clients can get to over the internet.

Activate the client from the client. You can create the device on the MCS before activation if you want to so group assignments are preset, or do it after the machine activates and adds itself to the MCS.

When backups kickoff for the client from the MCS, a job is submitted and queued as waiting for client. I have seen where clients will check in with the avamar system every 60 seconds to a few minutes. When the client checks in it will pickup the work job and begin the backup.

If you want to browse the client and have that full functionality, you will need to have a static NAT to all devices with firewall rules to allow the appropriate ports through, as well as changing the client OS firewall for the same access.