Configuring Outgoing Tunnel Connections

By default, CommCell components are configured with the Authenticated option for outgoing communication. This option specifies sending authentication credentials securely using HTTPS protocol (which encrypts the traffic), then switching to HTTP when transferring data.

You can configure outgoing routes to use any of the following tunnel connection protocol options:

Protocol Option Description
  • This is the standard application protocol. It optimizes data transfer performance.
  • Data and control traffic are transferred using HTTP.
  • This is the default connection protocol used by CommCell components.
  • In this configuration, the HTTPS protocol is used to encrypt the initial communication between CommCell components. Once the communication is authenticated, the tunnel connection switches to HTTP, to optimize data transfer performance.
  • Data is transferred over HTTP, but the control traffic is tunneled using HTTPS protocol.
  • This protocol encrypts and authenticates the connections between CommCell components through Secure Socket Layer (SSL), similar to what happens when a web browser opens secure connections with https:// prefix.
  • Data and control traffic are transferred using HTTPS protocol.
Raw Use the Raw option to transmit SnapProtect data and control traffic using TCP packets without any form of encapsulation. Raw is useful when you have determined that one or more network devices in the tunnel path, such as gateways or firewalls, are modifying the HTTP stream, and thereby preventing CommCell devices from communicating with each other.

Use this procedure to set the protocol for one outgoing route, regardless of what protocol has been assigned at the client or client group level.

Before You Begin

  • If your clients are separated by a firewall, review the supported firewall types described in Firewall: Overview, then configure the CommCell components as appropriate for your installation.
  • If your clients are not separated by a firewall, configure a one-way firewall just to initiate a tunnel connection to enforce HTTPS transport. Based on the direction in which the connection is initiated, select the appropriate method to configure the firewall from Firewall Using Direct Connections.


  1. In the CommCell Browser, expand Client Computers, then right-click the client_name and click Properties.
  2. Click Advanced. The Advanced Client Properties dialog box opens.
  3. Click the Firewall Configuration tab, then select Configure Firewall Settings.
  4. Select the Advanced option, then read the warning and click OK to acknowledge it.
  5. Click the Outgoing Routes tab.
  6. Click Add, or select the route to configure and click Edit. The Route Settings dialog box opens. By default, new routes are Direct, with a tunnel connection protocol of Authenticated.
  7. Under Tunnel Connection Protocol, select a connection protocol.
  8. Click OK to save the route settings change.
  9. Click OK twice to exit the client properties.