You can use the nBindToLoopback additional setting to prevent external machines from communicating with local Commvault services. This forces Commvault services (except Cvfwd and EvMgrs) to bind to localhost loopback interface (127.0.0.1) only.
This setting is applicable to individual clients or to a client group.
Considerations
-
If the nBindToLoopback additional setting is added to an NDMP MediaAgent, NDMP backups will not work.
-
When this additional setting is enabled, the following services will still listen on all interfaces. You can configure a port-forwarding gateway if the Web Console/Command Center client does not have direct access to the following services. For more information, see Port-Forwarding Gateways.
-
Commvault Index Server (Apache Solr) Data Analytics (default port = 20000). Web Console/Command Center requires access to view statistical information about unstructured data, such as files and emails.
-
Commvault Messaging Queue (default port = 8052). Web Console/Command Center requires access for push notifications of jobs, events, and alerts.
-
Commvault MongoDB service (default port = 27017). Web Server uses MongoDB as the cache for quick responses for Command Center pages.
-
Commvault Monitoring (default port = 8090, 8091 and 8097). Web Console/Command Center requires access to trigger alerts for critical service interruptions on High Availability Computing clients.
-
Commvault Server Event Manager (default port = 8401). CommCell Console requires access for remote login to work.
-
Custom Report Engine (default port = 80). Web Console/Command Center requires access for custom reports to work.
-
Web Server (default port = 81). Web Console/Command Center requires access to web services.
-
Procedure
-
Follow the steps described in Adding or Modifying Additional Settings from the CommCell Console, using the following parameters:
Property Value Name nBindToLoopback Category ~ (Instance00*) Type Integer Value 1 -
Restart all Commvault services.