Firewall: FAQ

Can I use my older version clients as proxy when configuring TPPM?

No, you cannot select an older client (9.0 or 8.0) as the proxy when configuring TPPM.

Can I use both basic and advanced firewall configurations together?

No, the Advanced firewall settings override the Basic firewall settings.

Basic firewall configurations are simplified: they auto-populate the required fields and do not need any additional entries on the CommServe or MediaAgent. To use the Advanced firewall configuration, you must know the values to specify for each of the configuration options.

Why is encrypting of initial authorization not working for my clients?

If you have 9.0 clients using the Https Auth Only option on the client Firewall Configuration (Route Settings) tab, these settings will not be honored after the CommServe is upgraded.

Why is my laptop not used as roaming client?

If you have 9.0 clients using the Roaming Client option on the client Firewall Configuration (Options) tab, these settings will not be honored after the CommServe is upgraded.

In a basic firewall configuration, am I required to push the configuration?

No. When you are configuring a client using the Basic firewall properties, the firewall configuration is automatically pushed to the client, CommServe and MediaAgent computers at the end of the configuration. Also, whenever the firewall properties of the MediaAgent are modified, the firewall configuration will be automatically pushed to the MediaAgent as well as to the CommServe and client computer.

Can I override CommServe hostname when configuring firewall?

Yes, you can override the CommServe hostname when configuring the firewall. See Override CommServe Hostname for step-by-step instructions.

How can I quickly reference all available firewall options?

The following Firewall options can be configured:

Direct Connections

Client Connects to the CommServe (One-Way Firewall)

Basic Firewall
Advanced Firewall

CommServe/MediaAgent

Client

CommServe/MediaAgent: Incoming Connections from these computers are Restricted (see Configuring Third-Party Connections). Client: Incoming Connections from this computer are Blocked.
Enable the Configure Firewall Settings check box.

Enable firewall for these computers as follows:

  1. From the CommCell Browser, right-click the CommServe/MediaAgent computer and then click Properties.
  2. Click the Firewall Configuration tab. Then, click the Configure Firewall Settings check box and click OK.
Basic Configuration

Additional open ports can also be configured.

 

CommServe Connects to the Client (One-Way Firewall)

Firewall Configurations
CommServe/MediaAgent: Incoming Connections from these computers are Blocked. Client: Incoming Connections from this computer are Restricted (see Configuring Third-Party Connections).

Additional open ports can also be configured.

Client and CommServe Connect to Each Other (Two-Way Firewall)

Firewall Configurations
CommServe/MediaAgent: Incoming Connections from these computers are Restricted (see Configuring Third-Party Connections). Client: Incoming Connections from this computer are Restricted (see Configuring Third-Party Connections).

Additional open ports can also be configured.

Additional open ports can also be configured.

Port-Forwarding Gateway

Firewall Configurations
CommServe/MediaAgent: Incoming Connections from these computers are Restricted (see Configuring Third-Party Connections). Client: Incoming Connections from this computer are Blocked.

Outgoing Routes - via Gateway

Perimeter network using SnapProtect proxy

Firewall Configurations

Proxy

Client

CommServe/MediaAgent

This computer is configured as a proxy by enabling the option This Computer is in the perimeter network, and will work as a Proxy.

Outgoing Routes from these computers work as follows:

  • Remote Group - CommServe/MediaAgent,
  • Route type - via Proxy
 

Outgoing Routes from these computers work as follows:

  • Remote Group - CommServe/MediaAgent,
  • Route type - via Proxy