> Documentation > CommCell Management > Services

TCP Ports Used for Services

Commvault TCP ports can be statically or dynamically assigned.

Static Ports

Several services used by the software listen for incoming network traffic on predefined network ports. The CommServe server, MediaAgents, and agents within the CommCell group communicate with each other through these ports. Essential CommServe server services are automatically assigned registered, static port numbers during installation. MediaAgents, agents, and other software components can use the same default static port numbers or any static port numbers specified during installation.

For the services listed, the software registers the following ports by default:

Note

If there is a firewall between the client and the CommServe server or MediaAgent, make sure that the tunnel port (default = 8403) is open bidirectionally. The tunnel port is equal to the port number of the CVD plus 3 (for example, if the port number of the CVD is 8400, then the tunnel port equals 8403). In addition, if there are traffic-pattern rules in third-party firewalls, these rules must also be disabled.

Service

Port Number

Protocol

Commvault Communications Service (GxCVD, found in all client computers)

8400

TCP

Commvault Server Event Manager (GxEvMgrS, available in CommServe)

8401

TCP

Commvault Firewall (GxFWD, tunnel port for HTTP/HTTPS)

8403

TCP

Note

  • For the CommServe computer: The CommServe cvfwd.exe process is hard-coded to bind to port 8403. This is done so that laptop clients can create a tracking tunnel towards the Commserve on this port when a firewall is not configured explicitly between the CommServe and the client. The laptop clients use this tracking tunnel to inform the CommServe about client online messages.

  • For CommServe computers using the LiveSync operation for disaster recovery, the production and standby CommServe hosts communicate with each other using port 8408 on the SQL client instance. A default topology, Firewall Topology created for failover clients, is created for communication between the production and standby CommServe hosts using port 8408. This topology is created irrespective of the option selected for communication.

  • For all other clients: The cvfwd.exe process is hard-coded to bind to a tunnel port. The tunnel port is by default configured to use the port number of the CVD plus 3. For example, if the port number of the CVD is 8400, then the tunnel port equals 8403 (that is, 8400 plus 3). The tunnel port is used for automatic tunneling.

  • For automatic tunneling, note the following:

    • Whenever there is a port restriction in place via network address translation (NAT) or firewall, and explicit network routes are not configured, Commvault automatically creates an on-demand tunnel to the destination client as long as the tunnel port (CVD port plus 3) is open bidirectionally between the source and destination clients. Therefore, you do not need to create a two-way network route even when there is a port restriction in place. [Note: The tunnel port (CVD plus 3; default = 8403) should be open bidirectionally.]

    • Automatic tunneling uses the HTTP tunnel protocol. For more information, see the following:

For information on binding services to static ports, see Binding Services to Static Ports.

Dynamic Ports

Dynamic ports are opened and closed by the running Commvault software to permit certain types of transient traffic. Commvault uses the dynamic port range that is set at the OS level, no matter which OS you are using.

The GxCVD service dynamically uses free ports between 49152 and 65535 to communicate during data protection and data recovery jobs. The system dynamically assigns a number of free ports to be used by each job to allow parallel data movement. After the job is finished, if no other job is pending, the dynamic ports are released.

If you have a large CommCell environment and you want to increase the range of dynamic ports, log on to the CommServe computer, open the command prompt, and then enter the following command:

 
netsh int ipversion set dynamicportrange transportprotocol start=startnumber num=totalnumber store=storevalue

Where:

  • ipversion is the IP protocol (IPv4 or IPv6)

  • transportprotocol is the transport protocol (TCP or UDP)

  • startnumber is the starting port number (for example, 10000)

  • totalnumber is the total number of ports (for example, 1000)

  • storevalue is active (store until next boot) or persistent (store permanently)

Note

  • During new installations of the CommServe computer and the MediaAgent, this command is run automatically to facilitate a larger dynamic port range (depending on the OS version).

  • Network TCP port requirements remain the same whether the IPv4 or IPv6 protocol family is used.

  • Dynamic port range can be used by a client for internal and external communication.

  • Use of dynamic port range by Commvault services may be restricted internally by binding services to open ports. For more information, see Binding Services to Open Ports.

  • If use of dynamic ports for external communication is restricted by firewall, see Network Routes for more information.

  • During new installations of the CommServe computer and the MediaAgent, this command is run automatically to facilitate a larger dynamic TCP port range (between 33535 and 65535). You do not need to run this command manually.

  • If you want to skip the modification of this dynamic TCP port range, see Skipping the Modification in Dynamic Port Range.

Ports Required During Fresh Installation

For ports required during a fresh installation, see "Review Firewall and Network Port Requirements" in Prerequisites for Installations Using the CommCell Console.

Loading...