Configuring Firewall for 1-Touch Recovery

Firewalls provide security by blocking unauthorized access to networked computing and communications resources. Internet Protocol (IP) ports are configured in firewalls, permitting specific kinds of information to flow to and from opened IP address:port combinations, in specific directions (in, out or both). Firewall functionality is most often provided by either a stand-alone network appliance, or firewall software running on a general-purpose computer.

Commvault provides additional firewall protection for the Commvault application software, which you configure from the CommCell Console.

Procedure

  1. Choose one of the following methods to configure firewall on the CommServe depending on your requirement:

  2. Create a Client Computer Group and add the source 1-Touch client computers to the <Client Computer Group>.

  3. On the CommCell Browser, right-click the CommServe and click Properties. The CommCell Properties dialog box appears.

  4. In the CommCell Properties dialog box:

    1. Click the Network Route Configuration tab and click the Configure Network Route Settings check box.

    2. Click Add. The Connections to CommServe dialog box opens.

    3. In the Connections to CommServe dialog box:

      • In the From box, select the newly-created client group.

      • In the State box, select Restricted.

      • Click OK.

    4. Click OK.

  5. Right-click the Client Computer Group and click Properties.

    The Client Group Properties dialog box opens.

  6. Click Network.

    The Network Properties dialog box appears.

  7. Select the Configure Network Route Settings check box, and click Advanced.

    A Warning dialog box appears.

  8. Click OK on the Warning dialog box, and then click Add.

    The Connections to Client_Group_Name dialog box appears.

  9. In the From box, type or select a client or client group that has firewall restrictions to communicate with the CommCell entity.

  10. In the To box, select Restricted.

  11. Click OK.

Limitations

  • During a perimeter network (also called a DMZ) using a Commvault network gateway configuration, only the proxy computer can initiate a connection.

  • In the Certificate Administration dialog box, Force per-client certificate authentication on CommServe option must be set to No. If the option is set to Yes, the network route configuration will not work.

  • If you have data interface pairs (DIPs) configured on your CommCell, make sure that you remove them. For instructions, see Deleting Data Interface Pairs.

Loading...