Skip to main content



How can we help you?


Druva Documentation

How to remotely backup clients over WAN/VPN

Heads up!

We've transitioned to a new documentation portal to serve you better. Access the latest content by clicking here.


inSync uses client triggered backups, network encryption, and WAN optimization to facilitate faster backups over  VPN or WAN (Internet) for remote users. All backup and restore requests are initiated by the inSync client over a secure 256-bit encrypted SSL channel. 

This articles explains how to configure inSync server for remote backup.


  • Setting the Published IP Addresses
  • Automatic Configuration of Network Settings on Clients
  • Changes to Published IP Addresses
  • Firewall Settings

Network Settings for inSync

In presence of multiple network interfaces (for LAN/WAN) or a firewall, the inSync Server may be reachable by the inSync clients on different network addresses. For instance:

  1. LAN - : 6061
  2. LAN - : 6061
  3. WAN - : 8000

Note: In this example the IP address visible to the WAN users is and NOT 

Setting the published IP addresses

The administrator needs to add the three IP addresses to the list of  Published Addresses as shown here.


The configuration can be done on the inSync Web Control Panel, by navigating to Settings > Network. Again, these are NOT necessarily the server IP addresses, but those on which the client can connect to the server. 

Note: These addresses need to be configured before the keys are generated for each user.

The Web/App Restore IP address should also be updated to an IP address which all the users can reach.

Automatic configuration of Network Settings on Client

To avoid manual configuration these IP addresses and other essential settings are communicated to the user using the authentication key (.isk) file. Once the IP addresses are configured, generate the key files and send them to all the new users. Once the keys are loaded in inSync client, it automatically polls the IP addresses in the given order and starts backing up the data.

Changes to published IP addresses

Any changes to the Published IP Addresses are automatically communicated to the already configured and syncing clients and it does not require re-issuing of the keys

Firewall settings

The settings on the firewall should allow unidirectional (one way traffic) from “ANY” to configured (default 6061) port on the inSync Server.

Go to top