Changing network and security options for Backup Exec

Last published : Apr 02, 2026
You can configure how Backup Exec works with your network configuration and security. The network and security options are global options that affect all Backup Exec jobs.
If the global network and security settings that you configure do not apply for a specific backup job, you can change the network settings when you create the backup job.
See Configuring network options for backup jobs.
To edit network and security options
  1. Click the Backup Exec button, select Configuration and Settings, and then clickBackup Exec Settings.
  2. In the left pane, select Network and Security.
  3. Configure any of the following options:
    Network interface Select the name of the network interface card that connects the Backup Exec server to the default network that you want to use for backup jobs. The list includes all available network interfaces on the Backup Exec server.
    Protocol Select the default protocol you want to use for backup jobs.
    The options are as follows:
    - Use any available protocol
    - IPv4
    - IPv6
    Subnet Select the 32-bit number that determines the subnet to which the network interface card belongs.
    Allow use of any available network interface, subnet, or protocol for Backup Exec agents not bound to the above network interface, subnet, or protocol Select this option to let Backup Exec use any available network if the remote system that you selected for backup or restore is not part of the specified backup network.
    If you do not select this option and the remote system is not part of the specified backup network, the job fails. Backup Exec cannot access the data from the remote system.
    Interface Details Click this option to view the Media Access Control (MAC) address, adapter type, description, IP addresses, and subnet prefixes for the interface that you selected for the backup network.
    Enable selection of user shares Select this option to include user-defined shares in jobs.
    If you do not select this option, you cannot select user-defined shares when you create jobs.
    Enable TCP dynamic port range Lets Backup Exec agents use a range of ports for communication.
    You enter the port range. If the first port that Backup Exec attempts to use is not available, Backup Exec attempts to use one of the other ports in the range. If none of the ports in the range is available, Backup Exec uses any available dynamic port. Default port ranges are 1025 to 65535. It is recommended that you use a range of 25 allocated ports for the remote system if you use Backup Exec with a firewall.
    See Using Backup Exec with firewalls .
    Use a custom port to receive operation requests from the Oracle server Lets you specify the port that Backup Exec uses for communication between the Backup Exec server and the remote computer for both DBA and Backup Exec server-initiated operations. By default, Backup Exec uses port 5633.
    If you change the port number on the remote Windows or Linux computer, you must also change it on the Backup Exec server. Then you must restart the Backup Exec Job Engine service on the Backup Exec server.
    See About Oracle instance information changes .
    Use FIPS 140-2 compliant software encryption Lets you enable software encryption that complies with FIPS 140-2 standards. If you select this option, you must use a 256-bit AES encryption key. This option is available only for Windows computers.
    You must stop and restart the Backup Exec services for this change to take effect.
    Manage Keys Lets you create a new encryption key or manage existing encryption keys.
    Secure the Backup Exec console Lets you secure the Backup Exec console by providing the following features when you select the Secure the Backup Exec Console check box\:
    - Authentication After you select the Secure the Backup Exec Console check box, the authentication setting is enabled and the next time that you launch Backup Exec, you need to enter Backup Exec login credentials to connect to the console. If you do not enter the credentials you cannot connect to the Backup Exec console.
    - Lock Console option After you select the Secure the Backup Exec Console check box, this feature is enabled. You can lock the Backup Exec session that you are working on and secure the Backup Exec console from unauthorized access. Unless you unlock the Backup Exec console, you cannot perform any tasks in the Backup Exec user interface.
    Note: By default, this check box is not selected.
    This option is not applicable for Remote Administration Console (RAC) as you must always provide credentials to connect to the Backup Exec console.
    Only the owner of a System Logon Account, who is logged on to the Backup Exec console has the privileges to change the user access settings. If you want to know the owner of the System Logon Account, click the Backup Exec button, and then select Configuration and Settings > Select Logon Accounts > Manage Logon Accounts . On the Logon Account Management dialog box, the Owner column displays the owner of the System Logon Account.
    In case of rolling upgrade, if you have an earlier version of MMS and an updated version of CAS, and you connect to MMS from CAS, this check box is available and you can select it. However, this setting is not enabled for MMS.
    See Locking and unlocking the Backup Exec Console .
    Disk storage lockdown setting The Ransomware Resilience feature lets you enable or disable the lockdown setting on the disk storage.
    The disk storage lockdown setting protects the disk-based backup storage configured with Backup Exec. Access to disk storage is limited only to authorized processes like Backup Exec services. Only Backup Exec is allowed to write to the disk storage (Backup Exec data folders where the backup jobs are targeted). No other process can write to the disk storage.
    While the lockdown is enabled, backups and restores continue to work without a change.
    If the disk storage is created on a network share hosted on a remote server, Backup Exec can only monitor the write operations originating from the media server. If the network share is accessed from any other server, which does not have Backup Exec installed, write access is allowed.
    This setting is enabled by default and is the recommended setting to protect your backup data. You can disable the setting by providing the System Logon Account credentials.
    See Disabling disk storage lockdown .
    When the lockdown is in effect, the status displays Enabled .
    The setting is disabled and the lockdown status displays Disabled . It is strongly recommended that you enable this setting to protect your disk-based storage. Any changes to the disk-based storage can only be done by Backup Exec.
    If you disable the lockdown setting, the Send periodic alerts if the disk storage lockdown setting is disabled check box is selected so that you can receive periodic alerts. An alert is generated at 11 am every day until the lockdown setting is enabled agan. By default, this check box is selected. You can clear the check box to stop the periodic alerts.
    To enable the lockdown setting again, click Enable .
    See Viewing the disk storage lockdown status .
  4. Click OK.
More Information
Backup networks