Configuring the Client for One-Way Firewall (Client to CommServe)
You must configure the client to initiate connections with the CommServe computer and MediaAgent. This configuration is necessary to enable backup and restore operations on the clients.
During the firewall configuration, you will set incoming connections from the CommServe and MediaAgent computers as Blocked.
Before You Begin
- From the CommCell Browser, right-click the client, then click Properties and Network.
- On the Firewall Configuration tab, select Configure Firewall Settings, then the Advanced option. Click OK to acknowledge the warning and continue.
- Set the incoming connection to the client from the CommServe computer:
- Click Add.
- In From, select the name of the CommServe computer.
- In State, select BLOCKED, since the CommServe does not need to open connections to the Client.
- Click OK.
- Set the incoming connection to the client from the MediaAgent:
- Click Add.
- In From, select the name of the MediaAgent computer.
- In the State field, select BLOCKED, since the MediaAgent does not need to open connections to the Client.
- Click OK.
- Set the outgoing route from the client to the CommServe computer:
- Click the Outgoing Routes tab.
- Select the CommServe name from the Remote Group/Client list.
- For Tunnel Connection Protocol, select Encrypted, to enable authentication and encryption for tunnel connections.
- The Force all data (along with control) traffic into the tunnel option is not required, as this route is not toward the MediaAgent.
- Click OK repeatedly until all dialog boxes are closed.
- Under Client Computers, right-click the client, then click All Tasks > Push Firewall Configuration.
- Click Continue.
- Click OK. The client is configured to communicate with the CommServe and MediaAgent.
- Verify that your firewall configuration was pushed successfully by checking the Event Viewer window.
Note: Outgoing routes are automatically created for direct connections. However, you might want to set up outgoing routes to enable HTTPS encryption for data traffic, or to encrypt data connections by forcing connections into the tunnel. To set up outgoing routes from any host, see Configuring Outgoing Tunnel Connections.
The client has been configured to open tunnel connections with the CommServe computer and MediaAgent.