Firewall: Troubleshooting

Table of Contents

Communication Errors after changing existing Firewall configurations

Problem

After making changes to the existing firewall configuration of a client computer, communication errors occur.

Solution1

Perform these steps to avoid communication errors.

  1. From the CommCell Console, right-click the client computer, click All Tasks, then Push Firewall Configuration.
  2. Right-click the MediaAgent or proxy computer, click All Tasks, then Push Firewall Configuration. Repeat this step for all applicable MediaAgents.
  3. Right-click a CommServe computer, click All Tasks, then Push Firewall Configuration. Repeat this step for all applicable client computers and client groups.

Solution2

If you change the incoming ports of a client computer that is already configured with firewall settings, you may need to restart the client services for the new configuration to take effect.

See Services - Getting Started for more information.

Solution 3

You can also run the cvfwc_ping command to test connectivity to the client computer. For more information, click Firewall Connectivity Test Tool.

Connectivity Loss between CommServe Computer and Client during Firewall Configuration

Problem1

While configuring the firewall on a client computer or client group, connectivity between the CommServe computer and the client or client group being configured may be lost.

Solution1

If Push Firewall Configuration fails to update the client, and returns a communication error:

  1. From the CommCell Console, right-click the client computer you just configured, then click Properties.
  2. From the Firewall Configuration tab, click the Summary tab and copy its contents to the FwConfig.txt file located at the <software installation path>/Base folder.

    Recent changes to the firewall configuration of a client computer are reflected in the Summary tab. Unless you use Push Firewall Configuration, the client will not be updated with the latest changes.

Result: The client is updated with the new firewall configuration.

Problem2

When you change the name of a client computer, connectivity between the client and the CommServe computer may be lost.

Solution2

After performing the name change on the client, right-click the client computer from the CommCell Browser, then click All Tasks, and Push Firewall Configuration.

Solution 3

You can also run the cvfwc_ping command to connect to the client computer. For more information, click Firewall Connectivity Test Tool.

Slower Backups and Restores after upgrading

Problem

Backup and restore operations may be slower after upgrading from version 8 to version 10.

Solution

Make sure you have configured your firewalls appropriately after the upgrade.

After upgrading the CommServe, MediaAgent and client computers, perform the following:

  1. Configure firewall settings for the CommServe, MediaAgent and client computers by following the procedures explained in the Firewall - Getting Started pages.

    Push Firewall configuration for the CommServe, MediaAgent and all clients.

    If you need to configure multiple client computers, see Configuring Multiple Clients Simultaneously.

  2. After configuring the new firewall settings described above, follow the steps outlined in Optimizing Backup and Restore using Additional Ports for enhancing data throughput.

CommCell Components Cannot Communicate through a VPN Tunnel

See this article in the KnowledgeBase:

FW0001: CommCell Components Cannot Communicate through a VPN Tunnel

Logging on to a CommCell Console Times Out

See this article in the KnowledgeBase:

FW0002: Timeout when Attempting to Log in to CommCell Console

Version 8 Firewall Communication Issues

Client computers running Version 8 firewall software with Version 10 iDataAgent software have issues communicating with their Version 10 CommServe instance. See this article in the KnowledgeBase:

FW0003: Version 8 Firewall Support Ending

Cloned Client cannot Register with CommServe Host

Two client computers with the same name cannot coexist on the same CommServe instance. See this article in the KnowledgeBase:

FW0005: Cloned Client cannot Register with CommServe Host