Loading...

Firewall Ports

For CommCell components to communicate across a firewall, the network TCP port numbers you select must be configured on your firewall. This specifically includes tunnel ports and additional ports.

Tunnel Port: This is the incoming port number through which the CommServe receives bidirectional tunnel connections. Port 8403 is the default for Commvault software, but it can be configured to another port number. The incoming connections port is in the Override default tunnel port box. For information about accessing the Override default tunnel port box, see Updating Incoming Ports on the CommServe and MediaAgent.

Additional Open Ports: You can speed up data transfer for components that handle it (for example, MediaAgent or File System Agent), by opening additional bidirectional ports on the firewall, and configuring them as open in this dialog. Specify the range of ports in the Additional open ports area, in the From and To fields. Click Add to add the ports. To remove a port from the listing, select the port and then click Delete. The ports must be within the range of 1024 to 65535. Ensure that the ports specified here are not used by other applications.

For more information on additional open ports, see Opening Additional Ports.

The following tables list bidirectional network ports that must be opened for proper functionality of Commvault software when firewalls or port restrictions are in place.

From

To

Port (Protocol)

Description

Clients (all)

MediaAgent

8400 (TCP)

CVD

Clients (all)

Network gateway

8403 (TCP)

Network gateway tunnel port

MediaAgent

Network gateway

8403 (TCP)

Network gateway tunnel port

CommServe

Network gateway

8403 (TCP)

Network gateway tunnel port

Clients (all)

MediaAgent

8500 to 8600 (TCP)

Data transfer (See Optimizing Backup and Restore Operations Using Additional Ports)

Third-Party Ports

 

 

 

CommServe

SMTP host

25 (TCP)

Mail

Metrics Server

SMTP host

25 (TCP)

Mail

Web Server

SMTP host

25 (TCP)

Mail

Active Directory

Clients (all)

53 (TCP, UDP)

DNS Lookup  

Web Console

Web Server

80 (TCP)

Web Console API

Active Directory

Clients (all)

88 (TCP/UDP)

Kerberos

Active Directory

Clients (all)

123 (UDP)

NTP / W32Time

MediaAgent

Storage

137 to 139

CIFS

CommServe

Ionix (SNMP)

161, 162 (UDP)

SNMP Monitoring

Active Directory

Clients (all)

389 (TCP/UDP)

LDAP

Clients (all)

Web Console

443 (TCP)

Tomcat SSL

CommServe

Metrics Server

443 (TCP)

Tomcat requests

MediaAgent

Storage

443

HTTPS

MediaAgent

Storage

445

NETBIOS

Active Directory

Clients (all)

464 (TCP/UDP)

Kerberos Password

Active Directory

Clients (all)

636 (TCP)

LDAP SSL

Web Server

CommServe

1433 (TCP)

 

Web Server

CommServe

1434 (UDP)

MSSQL DNS

Active Directory

Clients (all)

3268, 3269 (TCP)

GAB SSL

1-Touch for Linux

Clients (all)

8111, 8112

Use 8111 and 8112 ports to avoid conflict with existing client computers that use the same IP or DNS name in the CommCell environment or when you have a firewall configured between clients.

1-Touch for Windows

Clients (all)

9400, 9401

Use 9400 and 9401 ports to avoid conflict with existing client computers that use the same IP or DNS name in the CommCell environment or when you have a firewall configured between clients.

C-Mode NetApp Filer

Proxy machine

10200

Client managers listen at this port for incoming connections from NetApp filer.

Clients (all)

Index Server

20000 (TCP)

Index Server

Web Console

Commvault Messaging Queue

61600 (TCP)

Messaging traffic (push notifications related to alerts, events, and jobs). See Configuring Access to Active Messaging Queue Using TPPM.

Note: You may use third-party port mappings to avoid opening the ports listed in the preceding table.

Last modified: 10/3/2019 2:56:56 PM