Network Router in the Cloud for Laptop Solutions: Setting Up Proxy Connections Using Firewall Topology
The firewall topology feature simplifies the firewall configuration by allowing you to set up group-to-group connectivity through a proxy. You can configure client groups to establish connections between themselves by using a firewall topology.
Before You Begin
- Make sure that the client groups that you want to use in the firewall topology instance are already defined in the CommCell Console.
- You must have Administrative Management permissions on the client groups that you plan to use in the firewall topology instance.
- From the CommCell Browser, right-click Firewall Topologies > New Topology.
The Firewall Topology dialog box is displayed.
- In the Topology Name box, enter a name for this instance of a proxy firewall arrangement.
- Optional: In the Description box, enter a description for this topology.
- For Topology Type, click Via Proxy.
- From the Trusted Client Group 1 list, select a client group that will initiate connections to the proxy group.
- From the Trusted Client Group 2 list, select another client group that will initiate connections to the proxy group.
- From the Proxy/DMZ Group list, select the client group that you want to designate as the proxy group.
- By default, all traffic originating from clients in the Trusted Client Group 1 are forced to use firewall routes when communicating to any other host. To allow external clients to communicate directly with other hosts, clear the Make clients from Trusted Client Group 1 use proxies for all traffic check box, or define firewall routes to the other hosts.
If you decide to have the Make clients from Trusted Client Group 1 use proxies for all traffic check box selected, review the following considerations:
- The CommServe host and all MediaAgent hosts (which will communicate with members of the Trusted Client Group 1) must be in the selected Trusted Client Group 2. Otherwise, you must define firewall routes to the other hosts.
- If you make changes to the Trusted Client Group 1, you do not need to push the firewall configuration.
- If a client communicates with MediaAgents (or CommServe) that are not part of the Trusted Client Group 2 or that have not been configured with other firewall routes, communications with the MediaAgent (or CommServe) will fail.
- Click OK.