You can use the nBindToLoopback additional setting to prevent external machines from communicating with local Commvault services. This forces Commvault services (except Cvfwd) to bind to localhost loopback interface (127.0.0.1) only.
This setting is applicable to individual clients or to a client group.
Note
-
If the nBindToLoopback additional setting is added to an NDMP MediaAgent, NDMP backups will not work.
-
When this additional setting is enabled, remote CommCell Console console login using the CommServe hostname won't work. For remote CommCell Console login to work, you must configure a port-forwarding gateway to access the CommCell Console. For more information, see Configuring Access to the CommServe Computer Using a Port-Forwarding Gateway.
-
When this additional setting is enabled, the following services will still listen on all interfaces. You can configure TPPM if the Web Console/Command Center client does not have direct access to the following services. For more information, see Third-Party Port Mappings:
-
Web Server (default port = 81). Web Console/Command Center requires access to web services.
-
Custom Report Engine (default port = 80). Web Console/Command Center requires access for custom reports to work.
-
Commvault Messaging Queue (default port = 8052). Web Console/Command Center requires access for push notifications of jobs, events, and alerts.
-
Commvault Index Server (Apache Solr) Data Analytics (default port = 20000). Web Console/Command Center requires access to view statistical information about unstructured data, such as files and emails.
-
Commvault Monitoring (default port = 8090, 8091 and 8097). Web Console/Command Center requires access to trigger alerts for critical service interruptions on High Availability Computing clients.
-
Procedure
-
Follow the steps described in Adding or Modifying Additional Settings from the CommCell Console, using the following parameters:
Setting Name
Category
~ (Instance00*)
Type
INTEGER
Value
1
-
Restart all Commvault services.