Is your firewall flexible enough to only open the ports you need open for those MAC addresses that you specify? If so, that provides you a way to limit which machines can use those ports (yes, I'm aware that MAC addresses can be spoofed, but someone would need to be able to find out what the correct MAC addresses are first.)
Another option might be to create a secure tunnel from your servers in the DMZs to the backup server. SSL with mutual authentication would work nicely with that, as long as each machine knows where it's supposed to be communicating.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.