Firewall Using a Port-Forwarding Gateway
There are cases where direct connectivity setups do not work. Consider the case of the CommServe and MediaAgent being located inside a company’s internal network, with the entire network being exposed to the outside world through a single IP address. Typically, this IP address belongs to a firewall or gateway that works as a network address translation (NAT) device for connections from the internal network to the outside. The SnapProtect firewall supports NAT operations.
In scenarios like this, you can establish port forwarding at the gateway to forward connections received by specific gateway ports to clients on the internal network. You can then configure the clients to open a direct connection to the port-forwarder’s IP address on a specific port to reach a particular internal server. This creates a custom route from the client towards the internal servers.
A port-forwarding gateway sends incoming connections to specific machines on the internal network based on the incoming connection’s destination port number.
The following diagram illustrates a client connecting to the CommServe and MediaAgent computers through a port-forwarding gateway setup.
Microsoft Internet Information Services (IIS) uses port number 443 by default. If IIS is running on a computer, you cannot use port 443 for the firewall configuration on that computer. By default, the SnapProtect software uses port 8403 for firewall communication.
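The Python below is an added example, not SnapProtect code or configuration: it models how a gateway selects an internal machine from the destination port alone, and audits a forwarding table for ambiguous mappings, targets on port 443 where IIS runs, and internal ports other than the tunnel port. The host names, gateway port numbers, the list of IIS hosts and the assumption that every internal server listens on a single tunnel port are constructed for illustration.

```python
from collections import Counter

TUNNEL_PORT = 8403  # SnapProtect default firewall port, as stated on this page
IIS_PORT = 443      # IIS default port, as stated on this page

# Constructed sample table: (gateway port, internal host, internal port).
FORWARDS = [
    (9001, "commserve.corp.example", 8403),
    (9002, "mediaagent1.corp.example", 8403),
    (9003, "mediaagent2.corp.example", 443),
    (9002, "mediaagent3.corp.example", 8403),
    (9004, "commserve.corp.example", 3389),
]
IIS_HOSTS = {"mediaagent2.corp.example"}  # assumption: hosts that run IIS


def route(forwards, dest_port):
    """Return the (host, port) chosen for an incoming connection, or None.

    Only the destination port is consulted, so the first matching rule wins.
    """
    for gw_port, host, port in forwards:
        if gw_port == dest_port:
            return (host, port)
    return None


def audit(forwards, iis_hosts, tunnel_port=TUNNEL_PORT):
    """Return a sorted list of (gateway_port, host, finding) tuples."""
    findings = []
    uses = Counter(gw_port for gw_port, _, _ in forwards)
    for gw_port, host, port in forwards:
        if uses[gw_port] > 1:
            findings.append((gw_port, host, "duplicate gateway port"))
        if port == IIS_PORT and host in iis_hosts:
            findings.append((gw_port, host, "port 443 is held by IIS"))
        elif port != tunnel_port:
            findings.append((gw_port, host, f"non-tunnel port {port} exposed"))
    return sorted(findings)


if __name__ == "__main__":
    print("9001 ->", route(FORWARDS, 9001))
    for gw_port, host, finding in audit(FORWARDS, IIS_HOSTS):
        print(f"gateway:{gw_port} -> {host}: {finding}")
```
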
- Set up connections for the port-forwarding gateway
Set up the CommServe computer to listen for connections from the gateway. For instructions, see Setting Up Connections from the Port-Forwarding Gateway to the CommServe Computer.
- Install the clients
Install the SnapProtect software on one or more clients. During the client installation, configure the client to connect to the CommServe computer through a port-forwarding gateway. For firewall instructions during the installation, see Setting Up Connectivity to the CommServe Computer Through a Port-Forwarding Gateway.
- Configure the CommServe computer
Perform firewall configurations on the CommServe computer to recognize the client connections through the port-forwarding gateway. For instructions, see Configuring the CommServe Computer.
- Configure the MediaAgents
Perform firewall configurations on the MediaAgents to recognize the client connections through the port-forwarding gateway. For instructions, see Configuring the MediaAgents.
- Configure the clients
Perform firewall configurations on the clients to establish the appropriate connections with the CommServe and MediaAgent computers. For instructions, see Configuring the Clients.