Loading...

Firewall Configurations for the Web Server

If a firewall is placed between CommCell components, you must update your configurations to allow communication between the components.

Connecting the Web Server and the CommServe

If a firewall is placed between the Web Server and the CommServe database, both the database and the firewall must be configured to allow traffic from the Web Server to the CommServe.

  1. Set static listener ports on the SQL Server instance of the CommServe database. For more information, consult the Microsoft TechNet article "Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager)".

    Although it is possible to query the SQL Server and set the firewall to allow the ports it is currently using, restarting the SQL Server instance can result in it using different (dynamic) ports, and therefore lost communication. Therefore, we recommend setting static ports.

  2. If firewall is configured in your environment, you must allow connectivity to the static port that you set in Step 1.
    • If you want to route ODBC connection requests through a network proxy using SnapProtect firewall settings, see Configuring Third-Party Connections Between Client Computers.

      During the configuration, you must provide the following details:

      • Source client: The Web Server computer.
      • Source port: Any port that you want to set as a third-party port (preferably the same as the destination port). This port will be defined in the outgoing route tppm=[Local_port] of the firewall configuration file.
      • Destination client: The CommServe computer.
      • Destination port: The static listening port that you set on the SQL Server instance.

      After the configuration, access the Web Server computer and update the connection parameters on the ODBC Data Source Administrator as follows:

      1. On the System DSN tab of the ODBC Data Source Administrator dialog box, select the cvcs_commserv system data source and then click Configure.
      2. When you reach the Microsoft SQL Server DSN Configuration page, click With Windows NT authentication using the network login ID and then click Client Configuration.
      3. On the Edit Network Library Configuration dialog box, modify the Server name to be 127.0.0.1\NetApp, and then clear the Dynamically determine port check box to enter the port number that you specified as the source port.

        Note: The source port number can be found in the outgoing route tppm=[Local_port] of the firewall configuration file.

      For instructions on how to use the ODBC Data Source Administrator, consult the Microsoft documentation.

    • If it is a Windows Firewall, consult Microsoft's TechNet article "Configure the Windows Firewall to Allow SQL Server Access".

      Make sure that you update the connection parameters in the ODBC Data Source Administrator to use the static port.

      1. On the System DSN tab of the ODBC Data Source Administrator dialog box, select the cvcs_commserv system data source and then click Configure.
      2. When you reach the Microsoft SQL Server DSN Configuration page, click With Windows NT authentication using the network login ID and then click Client Configuration.
      3. On the Edit Network Library Configuration dialog box, clear the Dynamically determine port check box to enter the static port number.
    • If it is a hardware-based firewall device, consult its manufacturer's documentation.

      Make sure that you update the connection parameters in the ODBC Data Source Administrator to use the static port.

      1. On the System DSN tab of the ODBC Data Source Administrator dialog box, select the cvcs_commserv system data source and then click Configure.
      2. When you reach the Microsoft SQL Server DSN Configuration page, click With Windows NT authentication using the network login ID and then click Client Configuration.
      3. On the Edit Network Library Configuration dialog box, clear the Dynamically determine port check box to enter the static port number.

Connecting the Web Server and the Web Console

If a firewall is placed between the Web Server and Web Console computer, see Configuring Access to the Web Server Using TPPM.