Network and Firewall Settings


The network and firewall settings required for AhsayCBS include access to the web interface, license activation, backup and restore processes, email port settings and replication port settings. As a prerequisite, a fixed remote IP and internal IP are required for AhsayCBS. Also, the firewall should support the TLSv1 cryptographic protocol.

 

Network Settings

Static IP Address

Using dynamic IP addresses for AhsayCBS domain names may result in an unstable backup service, or in the replication process restarting whenever the IP address is recycled.

A static IP address will ensure the remote IP address sent by AhsayCBS to the Ahsay License Server will remain the same during daily routine license checks. This will avoid potential license errors, i.e., 1011 or 1012 license errors which could result in the automatic shutdown of your AhsayCBS service.

It is strongly recommended that you use a static IP address for your AhsayCBS server to ensure a stable and reliable backup service.

Network Load Balancing Configuration

For AhsayCBS servers which are configured with network load balancing, i.e. a dual WAN router or Round Robin routing, a static route should be configured for the AhsayCBS server's connection to the Ahsay License Server (lic.ahsay.com). As mentioned above, this will ensure the remote IP address sent by AhsayCBS to the Ahsay License Server will remain the same during daily routine license checks.

This will also avoid connection problems between the Backup Server and the Replication Server caused by switching between the two network connections, which changes the IP address. Using a static route will prevent the replication process from restarting itself.

MAC Address

A valid MAC address is also needed as part of the license activation and validation process, otherwise the evaluation or production license keys will not be applied to AhsayCBS.

In Windows open a command prompt and type ipconfig /all. The MAC address will be displayed as the Physical Address.

In Linux/FreeBSD, open an SSH session and type ifconfig. The MAC address is the value shown as ether.

Test Connectivity

The AhsayCBS server must be able to ping its hostname and activate the license key successfully to ensure that the SMTP server setting will work properly.

In Windows, open a command prompt; in Linux/FreeBSD, open an SSH session. Type hostname, then type ping “hostname”.

 

Firewall Settings

Ports and Settings

After you have finished setting up your AhsayCBS server, please ensure you have updated your firewall settings to allow network traffic through the following ports:

| Port | Description |
|------|-------------|
| 80 | HTTP port for incoming backup and restore traffic and browsing the AhsayCBS web interface. |
| 443 | HTTPS port for incoming backup and restore traffic and browsing the AhsayCBS web interface. |
| 8081 | Default port used by AhsayCBS for Run on Server (Agentless) Microsoft 365 and Cloud File backup on local IP address 127.0.0.1. If the default port is occupied, then AhsayCBS will automatically acquire the next available free port from 8081 to 9080. If all ports in that range are occupied, then AhsayCBS service is stopped. |
| 25 | Outgoing SMTP port to the SMTP server. |
| 111 | Port mapper |
| 1058 | Mount port; required for Run Direct on AhsayCBS |
| 2049 | Port for NFS Service |
| Any incoming TCP port(s) | Any incoming TCP ports 80 and 443 to the public on your firewall. Please consult the user's manual of your firewall for more information on how to do so. |

TCP Ports 80 and 443

It is recommended to expose only TCP ports 80 and 443 to the public on your firewall. Please consult the user’s manual of your firewall for more information on how to do so.
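One way to check a Linux host against this recommendation, as an added example that is not part of the Ahsay documentation: it reads `ss -tln` output and lists every TCP listener that is bound to a non-loopback address on a port other than 80 or 443, which are the listeners the firewall has to keep away from the public. The function name and the sample output are constructed for illustration, and `ss` from iproute2 is assumed.

```shell
#!/bin/sh
# Added example: audit TCP listeners against the port table above.
# Only these ports are meant to be reachable from the public side.
PUBLIC_PORTS="80 443"

# Constructed sample of `ss -tln` output (not captured from a real server).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    0.0.0.0:80         0.0.0.0:*
LISTEN 0      100    [::]:443           [::]:*
LISTEN 0      50     127.0.0.1:8081     0.0.0.0:*
LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
LISTEN 0      64     0.0.0.0:2049       0.0.0.0:*
LISTEN 0      50     0.0.0.0:8082       0.0.0.0:*'

# Reads `ss -tln` output on stdin and prints "port address" for each listener
# that is neither loopback-only nor one of PUBLIC_PORTS.
non_public_listeners() {
    awk -v allowed="$PUBLIC_PORTS" '
        BEGIN { n = split(allowed, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 != "LISTEN" { next }                      # skips the header line
        {
            k = split($4, part, ":")                 # port follows the last colon
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (port in ok) next                     # intended to be public
            print port, addr
        }
    ' | sort -n
}

# Demo on the constructed sample; on a live host use: ss -tln | non_public_listeners
echo "Listeners the firewall must not expose to the public:"
printf '%s\n' "$SAMPLE_SS" | non_public_listeners
```

In the sample, port 8081 is not reported because it is bound to 127.0.0.1 as the table describes, while 8082 on 0.0.0.0 is reported because a Run on Server port in the 8081 to 9080 range is listening on all interfaces.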

SMTP Server

AhsayCBS supports SMTP servers which use TLS v1.0, v1.1 or v1.2.

Restricting Access on Administration Panel

If you do not wish to offer your client access to the AhsayCBS console to manage their accounts, it is recommended to implement IP address restrictions to harden the security. You may do this by restricting a range of IP addresses which can access your AhsayCBS console. For more information, please refer to the System Settings part.

Replication using cross over cable

It is not recommended to connect a Backup Server and a Replication Server with a cross over cable for replication, as this will result in connection and performance issues.

If the Backup Server and the Replication Server are located on the same site they should be connected via a switch.

 

Certificate Settings

The certificate provided by Ahsay System Corporation Limited is a dummy certificate, which means it can only be used for testing and evaluation but not for production use. So please purchase an official trusted certificate before using AhsayCBS.

A valid SSL certificate from a trusted CA is also required if you are going to use Two-Factor Authentication with https protocol. Otherwise, you will have to use http instead which means all AhsayOBM/AhsayACB users with Two-Factor Authentication enabled will need to connect using http as well.

You can refer to the following article for trusted certificate authority (CA) certificates list for AhsayCBS version 9.1.0.0 or above: Trusted Certificate Authority (CA) List for version 9

Please refer to the System Settings part for more details about certificates. You can also refer to the following link for details about SSL certificate installation.

 

Ahsay License Server

The AhsayCBS server is required to access the Internet to connect to our license server lic.ahsay.com using the https protocol in order to activate the trial license key or validate a purchase key.

Please ensure the firewall outbound connection settings are enabled and the TLSv1.2 setting is allowed.

  • Windows

    To verify connection to the Ahsay License Server, open a browser on the Windows machine and load https://lic.ahsay.com. If the connection is successful, you will see the following screen.

    Ahsay License Server

  • Linux/FreeBSD

    To verify connection to the Ahsay License Server, use the telnet command. If the connection is successful, you will see the following message.

    Ahsay License Server

    To verify TLSv1.2 is enabled, use openssl s_client command. If TLSv1.2 is enabled, you will see the following message.

    TLS Verification

  • FreeBSD

    To verify connection to the Ahsay license server, use the fetch command. If the connection is successful, you will see the following message.

    Ahsay License Server

    You also need to open the alsIndex.htm to verify the contents. You can open it by using a text editor like “vi”.

    Verify Content
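The TLSv1.2 check for Linux/FreeBSD described above can be scripted, as in this added example that is not part of the Ahsay documentation. It assumes the probe is `openssl s_client -connect lic.ahsay.com:443 -servername lic.ahsay.com -tls1_2` (the page's own command line is not shown in the text); the function names and the three sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `openssl s_client` output whether a TLSv1.2
# session was really negotiated and the certificate chain verified.

# Constructed sample: successful TLSv1.2 handshake (trimmed).
SAMPLE_OK='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)'

# Constructed sample: handshake failed. The Protocol line still says TLSv1.2
# because that is what the client offered; the cipher 0000 gives it away.
SAMPLE_BLOCKED='New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Verify return code: 0 (ok)'

# Constructed sample: handshake completed but the chain is not trusted.
SAMPLE_UNTRUSTED='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 20 (unable to get local issuer certificate)'

# Reads s_client output on stdin; exit status 0 only if all three checks hold.
tls12_ok() {
    awk '
        /^[ \t]*Protocol[ \t]*:/ { proto = $NF }
        /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }
        /Verify return code:/    { sub(/.*Verify return code: */, ""); verify = $1 }
        END { exit !(proto == "TLSv1.2" && cipher != "" && cipher != "0000" && verify == "0") }
    '
}

# Live probe (needs network access); not run unless the script is given "live".
probe_tls12() {
    openssl s_client -connect "$1:443" -servername "$1" -tls1_2 </dev/null 2>/dev/null | tls12_ok
}

report() { if printf '%s\n' "$2" | tls12_ok; then echo "$1: pass"; else echo "$1: fail"; fi; }
report ok "$SAMPLE_OK"
report blocked "$SAMPLE_BLOCKED"
report untrusted "$SAMPLE_UNTRUSTED"
if [ "${1:-}" = "live" ]; then
    if probe_tls12 lic.ahsay.com; then echo "live: pass"; else echo "live: fail"; fi
fi
```

A non-zero verify code while the handshake itself succeeds means the certificate presented on the path did not validate against the local trust store, which is worth investigating before activating a license through that connection.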