Firewall Configuration - Windows

Table of Contents

Set Up Connectivity from the Client and the MediaAgent to the CommServe

Before configuring firewall options, ensure to setup connection to the CommServe as described in the Client Connects to the CommServe (One-Way Firewall) procedure.

Select the type of installation you are performing to configure the firewall scenario when the Client/MediaAgent can reach the CommServe.

Remote Install Using the CommCell Console

  • Click There is Firewall between this machine and CommServe.

    The Client machines can open connection to CommServe on tunnel port option is selected by default.

  • Enter the incoming port number through which the CommServe receives tunnel connections in the CommServe HTTP/HTTPS tunnel port number box.
  • Click Next to continue with the client installation.

Interactive Install

  1. Click the Configure Firewall Services option.

    Select This machine can open connection to CommServe on tunnel port and click Next.

  2. Enter the name of the computer where the CommServe resides in the CommServe Client Name box.

    Enter the fully qualified domain name or IP address of the CommServe hostname in the CommServe Host Name box.

    Click Next.

    The name of the CommServe client is case sensitive. Be sure to enter the client name of the CommServe in the same case as it appears in the CommCell Console.

  3. Enter the following:
    • The local (NetBIOS) name of the client computer is displayed in the Select a Client name list.

      If necessary you can also type a new (friendly) name for the client in this box. This name will be used in the CommCell and will also be displayed in the CommCell Console.

      Do not use spaces when specifying a new name for the client.

    • The default network interface name of the client computer is displayed if the computer has only one network interface (NIC card).

      If the computer has multiple network interfaces, select the interface name that is preferred for communication with the CommServe.

    Click Next.

    If a component is already installed on this computer, this screen will not be displayed; instead, the install program will use the same name as previously specified.

  4. Enter the incoming port number through which the CommServe receives tunnel connections in the CommServe HTTP/HTTPS tunnel port number box.

    Click Next.

  5. If this computer is separated from the CommServe by a HTTP Proxy, select Configure for HTTP proxy and then provide the following information:
    • Enter the hostname or IP address of the HTTP Proxy through which the CommServe can be reached in the HTTP Proxy hostname or IP address box.
    • Specify the port number of the HTTP Proxy through which the CommServe can be reached in the HTTP Proxy port number box.
    • Click Next.

    If this computer is not separated from the CommServe by a HTTP Proxy, accept the default values and click Next.

  6. If the CommCell group requires certificate authentication during installation, enter the path to the folder where CommCell certificates are stored.

    See Enforcing CommCell Specific Certificates for Authentication for more information on this firewall feature, and steps to export the CommCell Certification.

    Click Next to continue with the client installation.

Set Up Connectivity from the CommServe to the Client and the MediaAgent

Before configuring firewall options, ensure to setup connection to the CommServe as described in the CommServe Connects to the Client (One-Way Firewall) procedure.

Select the type of installation you are performing to configure the firewall scenario when the CommServe can reach the Client/MediaAgent.

Remote Install Using the CommCell Console

  • Click There is Firewall between this machine and CommServe.
  • Select the CommServe can open connection towards client machines option.
  • Enter the a local port number through which the client will receive communication from the CommServe in the Local HTTP/HTTPS tunnel port number box.
  • Click Next to continue with the client installation.

Interactive Install

  1. Click the Configure Firewall Services option.

    Select CommServe can open connection toward this machine and click Next.

  2. Enter the name of the computer where the CommServe resides in the CommServe Client Name box.

    Click Next.

    The name of the CommServe client is case sensitive. Ensure to specify the name with the correct letter case.

  3. Enter the following:
    • The local (NetBIOS) name of the client computer is displayed in the Select a Client name list.

      If necessary you can also type a new (friendly) name for the client in this box. This name will be used in the CommCell and will also be displayed in the CommCell Console.

      Do not use spaces when specifying a new name for the client.

    • The default network interface name of the client computer is displayed if the computer has only one network interface (NIC card).

      If the computer has multiple network interfaces, select the interface name that is preferred for communication with the CommServe.

    Click Next.

    If a component is already installed on this computer, this screen will not be displayed; instead, the install program will use the same name as previously specified.

  4. Enter a local port number through which the client will receive communication from the CommServe in the Local HTTP/HTTPS tunnel port number box.

    Click Next.

  5. If the CommCell group requires certificate authentication during installation, enter the path to the folder where CommCell certificates are stored.

    See Enforcing CommCell Specific Certificates for Authentication for more information on this firewall feature, and steps to export the CommCell Certification.

    Click Next to continue with the client installation.

Set Up Two-Way Connectivity between the CommServe and the Client or the MediaAgent

Before configuring firewall options, ensure to setup connection to the CommServe as described in the Client and CommServe Connect to each other (Two-Way Firewall) procedure.

Select the type of installation you are performing to configure the firewall scenario when the Client/MediaAgent and CommServe can reach each other.

Remote Install Using CommCell Console

  • Click There is Firewall between this machine and CommServe.

    The Client machines can open connection to CommServe on tunnel port option is selected by default.

  • Enter the incoming port number through which the CommServe receives tunnel connections in the CommServe HTTP/HTTPS tunnel port number box.
  • Click Next to continue with the client installation.

Interactive Install

  1. Click the Configure Firewall Services option.

    Select This machine can open connection to CommServe on tunnel port and click Next.

  2. Enter the name of the computer where the CommServe resides in the CommServe Client Name box.

    Enter the fully qualified domain name or IP address of the CommServe hostname in the CommServe Host Name box.

    Click Next.

    The name of the CommServe client is case sensitive. Be sure to enter the client name of the CommServe in the same case as it appears in the CommCell Console.

  3. Enter the following:
    • The local (NetBIOS) name of the client computer is displayed in the Select a Client name list.

      If necessary you can also type a new (friendly) name for the client in this box. This name will be used in the CommCell and will also be displayed in the CommCell Console.

      Do not use spaces when specifying a new name for the client.

    • The default network interface name of the client computer is displayed if the computer has only one network interface (NIC card).

      If the computer has multiple network interfaces, select the interface name that is preferred for communication with the CommServe.

    Click Next.

    If a component is already installed on this computer, this screen will not be displayed; instead, the install program will use the same name as previously specified.

  4. Enter the incoming port number through which the CommServe receives tunnel connections in the CommServe HTTP/HTTPS tunnel port number box.

    Click Next.

  5. If this computer is separated from the CommServe by a HTTP Proxy, select Configure for HTTP proxy and then provide the following information:
    • Enter the hostname or IP address of the HTTP Proxy through which the CommServe can be reached in the HTTP Proxy hostname or IP address box.
    • Specify the port number of the HTTP Proxy through which the CommServe can be reached in the HTTP Proxy port number box.
    • Click Next.

    If this computer is not separated from the CommServe by a HTTP Proxy, accept the default values and click Next.

  6. If the CommCell group requires certificate authentication during installation, enter the path to the folder where CommCell certificates are stored.

    See Enforcing CommCell Specific Certificates for Authentication for more information on this firewall feature, and steps to export the CommCell Certification.

    Click Next to continue with the client installation.

Set Up Connectivity to the CommServe Using a Port Forwarding Gateway

Before configuring firewall options, ensure to configure the port-forwarding gateway and to setup connection to the CommServe as described in the Port-Forwarding Gateway procedure.

Select the type of installation you are performing to configure the firewall scenario when the Client/MediaAgent connects to the CommServe through a port forwarding gateway.

Remote Install Using the CommCell Console

  • Click There is Firewall between this machine and CommServe.

    The Client machines can open connection to CommServe on tunnel port option is selected by default.

  • Enter the incoming port number through which the CommServe receives tunnel connections in the CommServe HTTP/HTTPS tunnel port number box.
  • Click Next to continue with the client installation.

Interactive Install

  1. Click the Configure Firewall Services option.

    Select This machine can open connection to CommServe on tunnel port and click Next.

  2. Enter the name of the computer where the CommServe resides in the CommServe Client Name box.

    Enter the hostname of the port-forwarding gateway in the CommServe Host Name box e.g., gateway.gatewayservices.com.

    Click Next.

    The name of the CommServe client is case sensitive. Ensure to specify the name with the correct letter case.

  3. Enter the following:
    • The local (NetBIOS) name of the client computer is displayed in the Select a Client name list.

      If necessary you can also type a new (friendly) name for the client in this box. This name will be used in the CommCell and will also be displayed in the CommCell Console.

      Do not use spaces when specifying a new name for the client.

    • The default network interface name of the client computer is displayed if the computer has only one network interface (NIC card).

      If the computer has multiple network interfaces, select the interface name that is preferred for communication with the CommServe.

    Click Next.

    If a component is already installed on this computer, this screen will not be displayed; instead, the install program will use the same name as previously specified.

  4. Enter the incoming port number through which the CommServe receives tunnel connections in the CommServe HTTP/HTTPS tunnel port number box.

    Click Next.

  5. If this computer is separated from the CommServe by a HTTP Proxy, select Configure for HTTP proxy and then provide the following information:
    • Enter the hostname or IP address of the HTTP Proxy through which the CommServe can be reached in the HTTP Proxy hostname or IP address box.
    • Specify the port number of the HTTP Proxy through which the CommServe can be reached in the HTTP Proxy port number box.
    • Click Next.

    If this computer is not separated from the CommServe by a HTTP Proxy, accept the default values and click Next.

  6. If the CommCell group requires certificate authentication during installation, enter the path to the folder where CommCell certificates are stored.

    See Enforcing CommCell Specific Certificates for Authentication for more information on this firewall feature, and steps to export the CommCell Certification.

    Click Next to continue with the client installation.

Set Up Connectivity to the CommServe Using a Proxy

Before configuring firewall options, set up the SnapProtect proxy as described in the Perimeter Network Using Proxy procedure.

Select the type of installation you are performing to configure the firewall scenario when the client/MediaAgent connects to the CommServe through a proxy.

Remote Install Using the CommCell Console

  • Click There is Firewall between this machine and CommServe.
  • Select the CommServe is reachable only through proxy option.
  • Select the client name of the SnapProtect proxy from the Proxy client name list.
  • Click Next to continue with the client installation.

Interactive Install

  1. Click the Configure Firewall Services option.

    Select CommServe is reachable only through a proxy and click Next.

  2. Enter the name of the computer where the CommServe resides in the CommServe Client Name box.

    Click Next.

    The name of the CommServe client is case sensitive. Ensure to specify the name with the correct letter case.

  3. Enter the following:
    • The local (NetBIOS) name of the client computer is displayed in the Select a Client name list.

      If necessary you can also type a new (friendly) name for the client in this box. This name will be used in the CommCell and will also be displayed in the CommCell Console.

      Do not use spaces when specifying a new name for the client.

    • The default network interface name of the client computer is displayed if the computer has only one network interface (NIC card).

      If the computer has multiple network interfaces, select the interface name that is preferred for communication with the CommServe.

    Click Next.

    If a component is already installed on this computer, this screen will not be displayed; instead, the install program will use the same name as previously specified.

  4. Provide the following information:
    • Enter the tunnel port on which the proxy is expecting connections to the CommServe in the Proxy HTTP/HTTPS tunnel port number box. If the proxy is behind a port-forwarding gateway, then provide the port number of the port-forwarding gateway to reach the CommServe.
    • Enter the hostname of the proxy through which the CommServe can be reached in the Proxy hostname or IP address box. If the proxy is behind a port-forwarding gateway, then provide the host name or the IP address of the port-forwarding gateway.
    • Enter the client name of the SnapProtect proxy in the Proxy client name box.

      The name of the proxy client is case sensitive. Ensure to specify the name with the correct letter case.

    Click Next.

  5. If this computer is separated from the CommServe by a HTTP Proxy, select Configure for HTTP proxy and then provide the following information:
    • Enter the hostname or IP address of the HTTP Proxy through which the CommServe can be reached in the HTTP Proxy hostname or IP address box.
    • Specify the port number of the HTTP Proxy through which the CommServe can be reached in the HTTP Proxy port number box.
    • Click Next.

    If this computer is not separated from the CommServe by a HTTP Proxy, accept the default values and click Next.

  6. If the CommCell group requires certificate authentication during installation, enter the path to the folder where CommCell certificates are stored.

    See Enforcing CommCell Specific Certificates for Authentication for more information on this firewall feature, and steps to export the CommCell Certification.

    Click Next to continue with the client installation.