Configuring Windows Firewall to Allow CommCell Communication

Windows Firewall, the built-in firewall included in Windows operating systems, can be configured to allow CommCell communication by adding CommCell programs and services to the Windows Firewall Exception list. After CommCell programs are added to the Exception list, the Windows Firewall allows external network connections to the CommCell Console.

After installation, you can later configure Windows Firewall using AddFWExclusions.bat program. The AddFWExclusions.bat program should be run through the client computer's command prompt to prevent adding system32 executables to the firewall exception list, as the default system environment variable may be triggered. You can also run the AddFWExclusions.bat program using GPO or SCCM if needed.


Perform the following steps on each client computer.


If the firewall configuration is reset on a client computer for any reason (this can happen, for example, when the computer is moved from a workgroup to a domain), then the firewall exclusions must be added again using the following procedure.

  1. While logged in as an administrator, open the command prompt on the client computer.

  2. Navigate to the software_installation_path/Base folder.

  3. Run the AddFWExclusions.bat file to execute the commands.

    All applicable CommCell communication programs and services will be added to Windows Firewall Exception List.


    Since the Message Queue does not reside in the base folder, the Message Queue ports on the CommServe computer will not be added to the Windows Firewall Exception List. Depending on your configuration, you may need to open additional firewall ports on the CommServe computer. For more information, see Port Requirements for Commvault.