Loading...

Configuring the Client for Two-Way Firewall

You must configure the client to initiate connections with the CommServe computer and MediaAgent. This configuration is necessary to enable backup and restore operations on the clients.

During the firewall configuration, you will set incoming connections from the CommServe and MediaAgent computers as Restricted.

Before You Begin

You must have configured the CommServe computer and MediaAgents to receive communications from the client.

Procedure

  1. From the CommCell Browser, expand Client Computers, right-click the client, and then click Properties > Network.
  2. On the Firewall Configuration tab, select Configure Firewall Settings, then the Advanced option. Click OK to acknowledge the warning and continue.
  3. Click Add to enter the CommServe connection details. The Connections to dialog box appears.
    1. In the From list, select the name of the CommServe computer.
    2. In the State list, select RESTRICTED since the Client can connect to the CommServe. (Restricting or Blocking Connections explains the RESTRICTED setting.)
    3. Click OK to close the Connections to dialog.
  4. Click Add to enter the MediaAgent connection details.
    1. In the From list, select the name of the MediaAgent computer.
    2. In the State list, select RESTRICTED since the Client can connect to the CommServe. (Restricting or Blocking Connections explains the RESTRICTED setting.)
    3. Click OK to close the Connections dialog.
  5. Click the Incoming Ports tab. In the Listen for tunnel connections on port box, set the incoming port number on which the firewall will allow connections from the CommServe and the MediaAgent.
  6. Optional: Set additional incoming ports:
    1. In the From box, enter a starting number in a port range.
    2. In the To box, enter an ending number in a port range.
    3. Click Add.
  7. Notes:

    • For backups to MediaAgents with Optimize for concurrent LAN backups option unchecked, opening additional incoming ports improves the backup performance. The number of open ports should correspond to the number of simultaneously running backup streams.
    • For ContinuousDataReplicator clients, opening additional incoming ports improves the replication performance.
  8. Verify that your firewall configuration was pushed successfully by checking the Event Viewer window.

Note: Outgoing routes are automatically created for direct connections. However, you might want to set up outgoing routes to enable HTTPS encryption for data traffic, or to encrypt data connections by forcing connections into the tunnel. To set up outgoing routes from any host, see Configuring Outgoing Tunnel Connections.

Result

The CommServe computer, MediaAgent, and client have been configured to establish direct connections between each other.