Problem:

We had a number of servers that were being backed up through a DMZ. The Master and differential backups were successful, but the BareMetal backups would always fail. Actually, one server's BareMetal backup was always successful, but all the other servers' BareMetal backups in the DMZ would fail. The BareMetal backups would report "waiting on client data" in the backup appliance's web interface for over an hour. The client-side agent seemed to be processing data (process name: wbps), but the backup would fail at the end. We looked closer at the firewall logs and found that data was being transferred, and we saw a TCP Deny error.

Resolution:

We found that the Cisco firewall was configured to drop connections if they were idle for over one hour. The one server whose BareMetal backup was successful would complete in less than an hour. After adjusting the timeout setting, the BareMetal backups completed successfully.


[Image: CiscoASAConnectionTimeOut.jpg (Cisco Firewall Setting)]
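
One way to confirm this failure pattern from firewall logs, as an added example that is not part of the original post: the Python below pairs each connection the firewall tore down for idle timeout with a later "Deny TCP (no connection)" on the same flow. It assumes Cisco ASA syslog messages 302014 and 106015; the log lines, addresses, ports and interface names are constructed, and `find_idle_timeout_victims` is a hypothetical helper name.

```python
import re

# Constructed sample lines in Cisco ASA syslog format (addresses, ports and
# interface names are made up for illustration), in chronological order.
SAMPLE_LOG = """\
Mar 01 01:00:00 fw %ASA-6-302013: Built inbound TCP connection 7001 for dmz:10.10.10.21/51000 (10.10.10.21/51000) to inside:192.168.50.5/9000 (192.168.50.5/9000)
Mar 01 01:42:10 fw %ASA-6-302014: Teardown TCP connection 7002 for dmz:10.10.10.22/51010 to inside:192.168.50.5/9000 duration 0:42:10 bytes 912345678 TCP FINs
Mar 01 02:00:00 fw %ASA-6-302014: Teardown TCP connection 7001 for dmz:10.10.10.21/51000 to inside:192.168.50.5/9000 duration 1:00:00 bytes 2048 Conn-timeout
Mar 01 02:25:13 fw %ASA-6-106015: Deny TCP (no connection) from 10.10.10.21/51000 to 192.168.50.5/9000 flags PSH ACK  on interface dmz
"""

# 302014: connection removed from the state table, with duration and reason.
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"\S+?:(?P<a>[\d.]+/\d+) to \S+?:(?P<b>[\d.]+/\d+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+) (?P<reason>.+)$")
# 106015: a non-SYN packet arrived for a flow the firewall no longer tracks.
DENY = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from (?P<a>[\d.]+/\d+) "
    r"to (?P<b>[\d.]+/\d+) flags")


def find_idle_timeout_victims(log_text):
    """Return flows torn down by Conn-timeout that were later denied."""
    timed_out = {}  # frozenset of both endpoints -> teardown details
    victims = []
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if m:
            if m["reason"].strip() == "Conn-timeout":
                timed_out[frozenset((m["a"], m["b"]))] = {
                    "conn_id": int(m["id"]),
                    "duration": m["dur"],
                    "bytes": int(m["bytes"]),
                }
            continue
        m = DENY.search(line)
        if m:
            key = frozenset((m["a"], m["b"]))  # direction-independent match
            if key in timed_out:
                victims.append({"flow": tuple(sorted(key)), **timed_out.pop(key)})
    return victims


if __name__ == "__main__":
    for v in find_idle_timeout_victims(SAMPLE_LOG):
        print(v)
```

A flow that appears in the result with a duration equal to the configured idle timeout is one where the endpoints still considered the session open after the firewall had discarded its state.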