> Expert > CommCell Management > Network > Network Routes > Configuring Network Routes After Installation > Network Gateway in a Perimeter Network > Configuring Cascading Network Gateway Connections

Configuring Cascading Network Gateway Connections Using Advanced Network Settings

Updated

You can configure cascading network gateway connections using advance network settings.

The network gateways are configured between CommCell entities, such as the CommServe computer and client displayed in the following diagram:

Configuring a Cascading Network Gateway Topology (1)

Use this procedure to configure incoming and outgoing connections on the four CommCell entities that are shown in the diagram: CommServe computer, Network gateway 1, Network gateway 2, and Client.

Note

Although the diagram and procedure describe a CommServe computer and a client, the two CommCell entities can be any combination of CommServe computer, MediaAgent, and client.

Before You Begin

The Commvault network gateway computers must be configured.

Procedure

Step 1: Configure the CommServe host

Configure the rules for the CommServe computer to block incoming connections from Network gateway 1, and then force outgoing connections through the VPN tunnel to Network gateway 2 through Network gateway 1, and to the client through Network gateway 1.

  1. Log on to the CommServe host, using an account with administrator rights.

  2. Expand Client Computers, then right-click the CommServe> Properties, and then click Network.

  3. On the Network Route Configuration tab, select Configure Network Route Settings.

  4. Block incoming connections from Network gateway 1:

    1. On the Incoming Connections tab, click Add.

    2. Click the From list, then select the client name of your Network gateway 1 server.

    3. Click the State list, then select BLOCKED.

    4. Click OK.

  5. Force outgoing connections to Network gateway 2 that come through Network gateway 1 into the tunnel:

    1. Click the Outgoing Routes tab, then click Add.

    2. Click the Remote Group/Client list, then select the client name of your Network gateway 2 server.

    3. Under Route Type, select Via Network Gateway. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.

    4. In the Network Gateway Settings area, click the Remote Network Gateway list, then select the client name for your Network gateway 1 server.

    5. Click OK.

  6. Force outgoing connections to the client that come through Network gateway 1 into the tunnel:

    1. Click Add.

    2. Click the Remote Group/Client list, then select the client name.

    3. Under Route Type, select Via Network Gateway. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.

    4. Click the Network Gateway Settings > Remote Network Gateway list, then select the client name for your Network gateway 1 server.

    5. Click OK.

Step 2: Configure Network gateway 1

Configure the network rules for Network gateway 1 to restrict incoming connections from both the CommServe computer and Network gateway 2, and then force the outgoing connection to the client through Network gateway 2 through the VPN tunnel.

  1. Under Client Computers, right-click Network gateway 1 > Properties, and then click Network.

  2. On the Network Route Configuration tab, select Configure Network Route Settings.

  3. Select Advanced, then click OK.

  4. Restrict incoming connections from the CommServe host:

    1. On the Incoming Connections tab, click Add.

    2. Click the From list, then select the client name of your CommServe host.

    3. Click the State list, then select RESTRICTED.

    4. Click OK.

  5. Restrict incoming connections from Network gateway 2:

    1. Click Add.

    2. Click the From list, then select the client name of your Network gateway 2 server.

    3. Click the State list, then select RESTRICTED.

    4. Click OK.

  6. Force outgoing connections to the client through Network gateway 2, into the tunnel:

    1. Click the Outgoing Connections tab, then click Add.

    2. Click the Remote Group/Client list, then select your client name.

    3. Under Route Type, select Via Network Gateway. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.

    4. Click the Network Gateway Settings > Remote Network Gateway list, then select the client name of your Network gateway 2 server.

    5. Click OK.

Step 3: Configure Network gateway 2

Configure the network rules for Network gateway 2 to restrict incoming connections from Network gateway 1 and the client, and then force the outgoing connection to the CommServe computer through Network gateway 1.

  1. Under Client Computers, right-click Networkgateway2 > Properties, and then click Network.

  2. On the Network Route Configuration tab, select Configure Network Route Settings.

  3. Select Advanced, then click OK.

  4. Restrict incoming connections from Network gateway 1:

    1. On the Incoming Connections tab, click Add.

    2. Click the From list, then select the client name of your Network gateway 1 server.

    3. Click the State list, then select BLOCKED.

    4. Click OK.

  5. Restrict incoming connections from the client:

    1. Click Add.

    2. Click the From list, then select the name of your client.

    3. Click the State list, then select RESTRICTED.

    4. Click OK.

  6. Force outgoing connections to the CommServe host through Network gateway 1, into the tunnel:

    1. Click the Outgoing Connections tab, then click Add.

    2. Click the Remote Group/Client list, then select your CommServe client.

    3. Under Route Type, select Via Network Gateway. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.

    4. Under Network Gateway Settings, click the Remote Network Gateway list, then select the client name for your Network gateway 1 server.

    5. Click OK.

Step 4: Configure the client

Configure the client’s network rules to block incoming connections from Network gateway 2, and then force outgoing connections through the VPN tunnel to Network gateway 1 through Network gateway 2, and to the CommServe computer through Network gateway 2.

  1. Under Client Computers, right-click the client > Properties, and then click Network.

  2. On the Network Route Configuration tab, select Configure Network Route Settings.

  3. Block incoming connections from Network gateway 2:

    1. On the Incoming Connections tab, click Add.

    2. Click the From list, then select the client name of your Network gateway 2 server.

    3. Click the State list, then select BLOCKED.

    4. Click OK.

  4. Force outgoing connections to Network gateway 1 through Network gateway 2, into the tunnel:

    1. Click the Outgoing Connections tab, then click Add.

    2. Click the Remote Group/Client list, then select the client name of your Network gateway 1 server.

    3. Under Route Type, select Via Network Gateway. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.

    4. Under Network Gateway Settings, click the Remote Network Gateway list, then select the client name for your Network gateway 2 server.

    5. Click OK.

  5. Force outgoing connections to the CommServe host through Network gateway 2, into the tunnel:

    1. Click Add.

    2. Click the Remote Group/Client list, then select the client name of your CommServe host.

    3. Under Route Type, select Via Network Gateway. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.

    4. Under Network Gateway Settings, click the Remote Network Gateway list, then select the client name for your Network gateway 2 server.

    5. Click OK.

Step 5: Push the network configurations

Push the network configurations in the following order:

  1. Client

  2. Network gateway 2

  3. Network gateway 1

  4. CommServe computer

To push the network configuration, right-click the CommCell entity from the CommCell Browser, and then click All Tasks > Push Network Configuration.