Configuring the MediaAgents to Communicate with the CommServe Computer Through the Port-Forwarding Gateway

You must configure the MediaAgents to recognize the client connections through the port-forwarding gateway. This configuration is necessary to enable backup and restore operations on the clients.

During the firewall configuration, you will set incoming connections from the client as Restricted.

Before You Begin

  • You must have configured the CommServe computer to recognize the client connections through the port-forwarding gateway. For instructions, see Configuring the CommServe Computer.
  • Any additional destination port that you plan to specify for the clients must also be defined in the incoming port list of the MediaAgent computers.


  1. From the CommCell Browser, expand Client Computers, then right-click the MediaAgent, and then click Properties > Network.
  2. On the Firewall Configuration tab, select Configure Firewall Settings, then on the Incoming Connections tab, click Add.
  3. In From, select the client you just installed outside the gateway.
  4. In State, select Restricted, since the connection is restricted to coming through a gateway (see Configuring Third-Party Connections), and then click OK.
  5. On the Incoming Ports tab, locate the Listen for tunnel connections on port box, and enter port number 440.

    The gateway will forward connections to mediaagent.company.com:440 when the gateway receives them from outside on port 444.

  6. Additional Open Ports: You can speed up data transfer for components that handle it (such as MediaAgent or File System iDataAgent), by opening additional ports on the firewall, and configuring them as open in this dialog. Specify the range of ports in the Additional open ports area, in the From and To fields. Click Add to add the ports. To remove a port from the listing, select the port and click Delete. The ports must be within the range of 1024 - 65000. Ensure that the ports specified here are not used by other applications.

    For more information on additional open ports, see Optimizing Backup and Restore using Additional Ports.

  7. If you want to enable encryption and authentication for tunnel connections, click the Options tab and select the Force SSL authentication in incoming tunnel connections check box.

    The CommServe, MediaAgent, and client communications will occur in accordance with the HTTPS standard.

  8. Click OK.
  9. From the CommCell Browser, right-click the MediaAgent computer, then click All Tasks > Push Firewall Configuration.
  10. Read the warning, then click Continue to acknowledge it and continue.
  11. Read the confirmation and click OK.
  12. Verify that your firewall configuration pushed successfully by checking the Event Viewer window.

What to Do Next

Configuring the Clients