Configuring the Clients to Communicate with the CommServe Computer and MediaAgents Through the Port-Forwarding Gateway

You must configure the firewall connections that the clients should establish with the CommServe and MediaAgent computers. This configuration is necessary to enable backup and restore operations on the clients.

Key firewall configurations in this procedure:

  • Incoming connections from the CommServe and MediaAgent computers are blocked.

  • Outgoing routes are configured through the gateway.

Before You Begin

  • You must have configured the CommServe computer and MediaAgents to recognize the client connections through the port-forwarding gateway.
  • Any additional destination port specified in the outgoing connection routes of the client must also be defined in the incoming port list of the CommServe and MediaAgent computers.

Procedure

  1. From the CommCell Browser, expand Client Computers, right-click the client, and then click Properties > Network.
  2. On the Firewall Configuration tab, select Configure Firewall Settings, then the Advanced option. Click OK to acknowledge the warning and continue.
  3. Click Add to enter the CommServe computer connection details.
    1. In From, select the name of the CommServe computer that is behind the gateway.
    2. In State, select BLOCKED, since the CommServe does not open connections toward the client. Click OK.
  4. Click Add again to specify the MediaAgent connection details.
    1. In From, select the name of the MediaAgent computer behind the gateway.
    2. In State, select BLOCKED, since the MediaAgent does not open connections towards the client. Click OK.
  5. Click the Outgoing Routes tab, then click Add to specify the outgoing connection route from this client towards the CommServe computer.
  6. Select the CommServe computer from the Remote Group/Client list, then select Via Gateway under Route Type.

    Note: If you want to enable encryption and authentication for tunnel connections, locate the Tunnel Connection Protocol section, and click Encrypted.

  7. In the Gateway Hostname and Gateway Tunnel Port boxes, specify the gateway hostname and port through which you can reach the CommServe. For example, in the diagram displayed above, hostname gateway.company.com and port number 443 are used.
  8. If you want to configure additional destination ports, make sure that these ports are also defined on the CommServe. Then you can establish mappings between those ports on the CommServe and the ports on the gateway that the client will connect to. Under Additional destination port mapping, enter the incoming gateway port in the GW Port box and the mapping destination port in the Destination Port box. Click Add to add the port mapping. See Optimizing Backup and Restore using Additional Ports for details.

    The ports must be within the range of 1024 - 65000. Make sure the ports you specify are not used by other applications.

  9. Click OK.
  10. Click Add again to specify the outgoing connection route from this client towards the MediaAgent.
    1. Select the MediaAgent computer from the Remote Group/Client list.
    2. Select Via Gateway under Route Type.
    3. Select Force all data (along with the control) traffic into the tunnel so that data traffic, as well as control traffic, is sent through the tunnel.
    4. If you want to enable encryption and authentication for tunnel connections, locate the Tunnel Connection Protocol section, and click Encrypted.
  11. Provide these gateway settings:
    1. In the Gateway Hostname box, enter the gateway hostname through which you can reach the CommServe. In the example shown above, it is gateway.company.com.
    2. In the Gateway Tunnel Port box, specify the port through which the MediaAgent can be reached. In the example shown above, the port number is 444.
    3. If you want to configure additional destination ports, make sure that these ports are also defined on the MediaAgent. Then you can establish mappings between those ports on the MediaAgent and the ports on the gateway that the client will connect to. Under Additional destination port mapping, specify the incoming gateway port in the GW Port box and the mapping destination port in the Destination Port box. Click Add to add the port mapping.

      The ports must be within the range of 1024 - 65000. Ensure that the ports specified here are not used by other applications.

    4. Click OK.
  12. In the CommCell Browser, right-click the client name and click All Tasks > Push Firewall Configuration.
  13. Read the warning, then click Continue to acknowledge it and continue.
  14. Read the confirmation and click OK.
  15. In the CommCell Console, right-click the client computer name, then click All Tasks > Check Readiness. Confirm the results shown in the Client Connectivity dialog box.

    If the client computer does not pass the readiness check, verify your settings against the above recommendations and revise them as required. If you have verified the settings, and the client is still not ready, check items on the Troubleshooting page related to connectivity.

Result

The CommServe computer, MediaAgents, and clients have been configured to establish communications with each other through a port-forwarding gateway.
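
Added example (not part of the product or its documentation): a pre-check of planned outgoing routes against the port rules stated in this procedure, to run before Push Firewall Configuration. The route layout is a hypothetical planning structure, not a Commvault file format, and the additional port numbers are constructed; the sketch also assumes that one gateway port forwards to a single computer and that the 1024 - 65000 range applies to both ports of a mapping.

```python
# Hypothetical planning structure, not a Commvault format; sample values are constructed.
ADDITIONAL_PORT_RANGE = range(1024, 65001)  # "within the range of 1024 - 65000"

def validate_routes(routes, incoming_ports):
    """Return a list of problems found in the planned outgoing routes.

    routes: dicts with remote, gateway, tunnel_port and mappings, where
            mappings is a list of (gw_port, destination_port) pairs.
    incoming_ports: remote name -> ports in that computer's incoming port list.
    """
    problems = []
    claimed = {}  # (gateway, gw_port) -> remote that port already forwards to
    for r in routes:
        remote = r["remote"]
        # The tunnel port and every GW port each occupy one port on the gateway.
        for gw_port, dest_port in [(r["tunnel_port"], None)] + list(r["mappings"]):
            key = (r["gateway"], gw_port)
            if key in claimed:
                problems.append(
                    f"{remote}: gateway port {gw_port} already forwards to {claimed[key]}")
            claimed.setdefault(key, remote)
            if dest_port is None:
                continue  # tunnel port (443/444 in the page's example): no range rule
            for label, port in (("GW port", gw_port), ("destination port", dest_port)):
                if port not in ADDITIONAL_PORT_RANGE:
                    problems.append(f"{remote}: {label} {port} is outside 1024-65000")
            # "Before You Begin": the destination port must be in the remote's incoming list.
            if dest_port not in incoming_ports.get(remote, set()):
                problems.append(
                    f"{remote}: destination port {dest_port} is not in its incoming port list")
    return problems

# Constructed plan using the gateway hostname and tunnel ports from the example above.
SAMPLE_ROUTES = [
    {"remote": "CommServe", "gateway": "gateway.company.com",
     "tunnel_port": 443, "mappings": [(8600, 8600)]},
    {"remote": "MediaAgent", "gateway": "gateway.company.com",
     "tunnel_port": 444, "mappings": [(8600, 8602), (900, 8604)]},
]
SAMPLE_INCOMING = {"CommServe": {8600}, "MediaAgent": {8602}}

if __name__ == "__main__":
    for problem in validate_routes(SAMPLE_ROUTES, SAMPLE_INCOMING):
        print(problem)
```

An empty result means the plan is consistent with the rules checked here; it does not replace the Check Readiness step.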