Enabling and Encrypting Automatic Tunneling

You can enable, disable, and encrypt automatic tunneling for a client computer or client group.

Note the following:

  • Automatic tunneling is enabled by default.

  • All control traffic uses the tunnel.

  • If the MediaAgent CVD is open in the network (port 8400), pipeline/data traffic uses a direct connection. If the direct connection fails, it uses the tunnel.

  • To force automatic tunneling to route all traffic via the tunnel, use the nCLNT_FORCE_TUNNEL additional setting. With nCLNT_FORCE_TUNNEL set to 1, all traffic always uses the tunnel, whether or not a direct connection is available.

  • The nCLNT_FORCE_TUNNEL additional setting forces network traffic to go through a single tunnel port. The tunnel port is equal to the port number of the CVD plus 3. For example, if the port number of the CVD is 8400, then the tunnel port equals 8403.

  • When network routes are not explicitly defined, automatic tunneling (or forced tunneling via the nCLNT_FORCE_TUNNEL additional setting) is used.

  • You can encrypt automatic tunneling by using the nAUTO_TUNNEL_PROTO additional setting. The default automatic tunnel protocol is HTTP; to encrypt automatic tunnel traffic, use this additional setting with a value of HTTPS.

Before You Begin

Verify that the tunnel port is reachable from both sides.
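
One way to run this check from each side, as an added example that is not Commvault tooling: it derives the tunnel port from the CVD port (CVD port plus 3, as stated above) and classifies a TCP connect attempt to both ports. The host name is a placeholder, and the function names and result labels are this example's own.

```python
import errno
import socket

TUNNEL_OFFSET = 3  # per this page: tunnel port = CVD port + 3


def tunnel_port(cvd_port: int) -> int:
    """Derive the tunnel port from the CVD port (8400 -> 8403)."""
    if not 1 <= cvd_port <= 65535 - TUNNEL_OFFSET:
        raise ValueError(f"CVD port out of range: {cvd_port}")
    return cvd_port + TUNNEL_OFFSET


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify a TCP connect attempt.

    open     - handshake completed, something is listening
    refused  - peer answered with a reset: reachable, but no listener
    filtered - no answer within the timeout: typically a firewall drop
    error:*  - name resolution or routing failure
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return f"error:{errno.errorcode.get(exc.errno, exc.errno)}"


def check_tunnel(host: str, cvd_port: int = 8400, timeout: float = 3.0) -> dict:
    """Probe the CVD port and the derived tunnel port on one peer."""
    tport = tunnel_port(cvd_port)
    return {
        "host": host,
        "cvd": (cvd_port, probe(host, cvd_port, timeout)),
        "tunnel": (tport, probe(host, tport, timeout)),
    }


if __name__ == "__main__":
    import sys
    # Usage: python check_tunnel.py <peer-host> [cvd-port]
    peer = sys.argv[1] if len(sys.argv) > 1 else "mediaagent.example.com"  # placeholder
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8400
    print(check_tunnel(peer, port))
```

Run it on the client against the MediaAgent and on the MediaAgent against the client. A `filtered` result on the tunnel port points at a firewall rule, while `refused` points at a service that is not listening on that port.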

Procedure

  1. To enable or disable automatic tunneling, add the nCLNT_FORCE_TUNNEL additional setting to a client computer or to a client group as shown in the following table.

    For information about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.

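    | Additional setting | Category | Type    | Value                                                                  |
    |--------------------|----------|---------|------------------------------------------------------------------------|
    | nCLNT_FORCE_TUNNEL | Firewall | Integer | 0: Do not enforce automatic tunneling. 1: Enforce automatic tunneling. |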

    Note

    If you upgrade a client that is at Feature Release 11.21 or earlier to Feature Release 11.22 or later, the default value of the nCLNT_FORCE_TUNNEL additional setting is 0. To enforce automatic tunneling on upgraded clients, delete this key.

  2. To encrypt automatic tunneling, add the nAUTO_TUNNEL_PROTO additional setting (with a value of HTTPS) to a client or to a client group as shown in the following table.

    For information about adding an additional setting from the CommCell Console, see Adding an Additional Setting from the CommCell Console.

    | Additional setting | Category | Type   | Value                               |
    |--------------------|----------|--------|-------------------------------------|
    | nAUTO_TUNNEL_PROTO | Firewall | String | HTTPS: Encrypts automatic tunneling |

    Note

    For information about other network protocols, see Configuring Outgoing Tunnel Connections.
