Network Gateway in a Perimeter Network

The Commvault network gateway is a special configuration in which a dedicated Commvault agent is placed in a perimeter network that is configured to allow connections (from inside and outside networks) into the perimeter network. The network gateway (the agent running in the perimeter network) authenticates, encrypts, and allows the tunnel connections it accepts to connect the clients operating outside of the private network to clients operating inside of it. The Commvault network gateway supports NAT operations.

The Commvault network gateway acts like a Private Branch Exchange (PBX) that sets up secure conferences between dial-in client calls. With this setup, network routes can be configured to disallow straight connections between inside and outside networks.

The following diagram illustrates a perimeter network setup in which a client (client.company.com) operating outside of the private network communicates with the CommServe (commserve.company.com) and MediaAgent (mediaagent.company.com) through the Commvault network gateway (mynetworkgateway.company.com).

Network Gateway in a Perimeter Network (4)

Note

  • A one-way direct connection (either client to server or server to client), which creates persistent tunnel connections, must be configured to or from the Commvault network gateway.

  • A two-way direct connection, which creates on-demand tunnel connections, is not supported. It is recommended that the clients and CommServe host or MediaAgent be configured to open connections toward the Commvault network gateway.

  • By default, the Commvault software uses port 8403 for network communications.

Review Network Zoning

Network zoning adds security checks for connections that are attempted via network gateways. By default, network zoning is enabled, and it will not allow any cross-tenant communication. You can turn this feature off.

For more information, see Network Zoning.

Determine the Network Configuration Method to Use

You can set up direct connection routes by using one of the following configuration methods:

Other Network Configurations

Loading...