The Commvault network gateway is a special configuration in which a dedicated Commvault agent is placed in a perimeter network that is configured to allow connections (from inside and outside networks) into the perimeter network. The network gateway (the agent running in the perimeter network) authenticates, encrypts, and allows the tunnel connections it accepts to connect the clients operating outside of the private network to clients operating inside of it. The Commvault network gateway supports NAT operations.
The Commvault network gateway acts like a Private Branch Exchange (PBX) that sets up secure conferences between dial-in client calls. With this setup, network routes can be configured to disallow straight connections between inside and outside networks.
The following diagram illustrates a perimeter network setup in which a client (client.company.com) operating outside of the private network communicates with the CommServe (commserve.company.com) and MediaAgent (mediaagent.company.com) through the Commvault network gateway (mynetworkgateway.company.com).
Note
-
A one-way direct connection (either client to server or server to client), which creates persistent tunnel connections, must be configured to or from the Commvault network gateway.
-
A two-way direct connection, which creates on-demand tunnel connections, is not supported. It is recommended that the clients and CommServe host or MediaAgent be configured to open connections toward the Commvault network gateway.
-
By default, the Commvault software uses port 8403 for network communications.
Review Network Zoning
Network zoning adds security checks for connections that are attempted via network gateways. By default, network zoning is enabled, and it will not allow any cross-tenant communication. You can turn this feature off.
For more information, see Network Zoning.
Determine the Network Configuration Method to Use
You can set up direct connection routes by using one of the following configuration methods:
-
Preferred Method: Using a predefined network topology
If you want to simplify the amount of network configuration steps, you can use the predefined network topology for network gateway connections. This is useful if the connection is client group-to-client group.
For more information, see Setting Up Network Gateway Connections Using a Predefined Network Topology.
-
Alternative Method: Using the basic or advanced network settings
If the predefined network topology does not meet your needs, you can use the basic or advanced network settings to set up network gateway connections.
For more information, see one of the following configurations:
-
Setting up Network Gateway Connections Using Basic Network Settings
-
Setting up Network Gateway Connections Using Advanced Network Settings
Note
For roaming clients, if the clients are inside the network, configure the network to use direct connections. If the clients are outside the network, configure the network to use a network gateway. Follow the steps in Basic Network Settings and select the May travel outside of CommServe network option.
-