V11 SP8
Loading...

Configuring a Cascading Dual Proxies Topology

You can define multiple dual-proxy paths between two CommCell entities. The dual-proxy paths can be set as alternate routes so that the two CommCell entities can connect to each other. The following diagram provides a representation of this configuration:

Use this procedure to configure incoming and outgoing connections on the six CommCell entities that are shown in the diagram: CommServe computer, Proxy 1 to 4, and Client.

Note: Although the diagram and procedure instructions depict a CommServe computer and a client, the two CommCell entities can be any combination of CommServe computer, MediaAgent and client.

Before You Begin

The Commvault proxy computers must be configured.

Procedure

Expand All

Step 1: Configure the CommServe Computer

Configure the firewall rules on the CommServe computer as follows:

  • Block incoming connections from Proxy 1, and then force outgoing connections through the VPN tunnel to Proxy 2 to go through Proxy 1, and to the client through Proxy 1.
  • Block incoming connections from Proxy 3, and then force outgoing connections through the VPN tunnel to Proxy 4 to go through Proxy 3, and to the client through Proxy 3.

Complete the following steps:

  1. Log on to the CommServe host, using an account with administrator rights.
  2. Expand Client Computers, then right-click the CommServe > Properties, then click Network.
  3. On the Firewall Configuration tab, select Configure Firewall Settings.
  4. Block incoming connections from Proxy 1:
    1. On the Incoming Connections tab, click Add.
    2. Click the From list, then select the client name for your Proxy 1 server.
    3. Click the State list, then select BLOCKED.
    4. Click OK.
  5. Force outgoing connections to Proxy 2 that come through Proxy 1 into the tunnel:
    1. Click the Outgoing Routes tab, then click Add.
    2. Click the Remote Group/Client list, then select the client name for your Proxy 2 server.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. In the Proxy Settings area, click the Remote Proxy list, then select the client name for your Proxy 1 server.
    5. Click OK.
  6. Force outgoing connections to the client that come through Proxy 1 into the tunnel:
    1. Click Add.
    2. Click the Remote Group/Client list, then select the client name.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. Click the Proxy Settings > Remote Proxy list, then select the client name for your Proxy 1 server. a. Click OK repeatedly until you have closed all dialog boxes.
  7. Block incoming connections from Proxy 3:
    1. On the Incoming Connections tab, click Add.
    2. Click the From list, then select the client name for your Proxy 3 server.
    3. Click the State list, then select BLOCKED.
    4. Click OK.
  8. Force outgoing connections to Proxy 4 that come through Proxy 3 into the tunnel:
    1. Click the Outgoing Routes tab, then click Add.
    2. Click the Remote Group/Client list, then select the client name for your Proxy 4 server.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. In the Proxy Settings area, click the Remote Proxy list, then select the client name for your Proxy 3 server.
    5. Click OK.
  9. Force outgoing connections to the client that come through Proxy 3 into the tunnel:
    1. Click Add.
    2. Click the Remote Group/Client list, then select the client name.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. Click the Proxy Settings > Remote Proxy list, then select the client name for your Proxy 3 server. a. Click OK repeatedly until you have closed all dialog boxes.

Step 2: Configure Proxy 1

Configure the firewall rules for Proxy 1 to restrict incoming connections from both the CommServe computer and Proxy 2, and then force the outgoing connection to the client through Proxy 2 through the VPN tunnel.

  1. Under Client Computers, right-click Proxy 1 > Properties, and then click Network.
  2. On the Firewall Configuration tab, select Configure Firewall Settings.
  3. Select Advanced, then click OK.
  4. Restrict incoming connections from the CommServe host:
    1. On the Incoming Connections tab, click Add.
    2. Click the From list, then select the client name for your CommServe host.
    3. Click the State list, then select RESTRICTED.
    4. Click OK.
  5. Restrict incoming connections from Proxy 2:
    1. Click Add.
    2. Click the From list, then select the client name for your Proxy 2 server.
    3. Click the State list, then select RESTRICTED.
    4. Click OK.
  6. Force outgoing connections to the client through Proxy 2, into the tunnel:
    1. Click the Outgoing Connections tab, then click Add.
    2. Click the Remote Group/Client list, then select your client name.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. Click the Proxy Settings > Remote Proxy list, then select the client name for your Proxy 2 server.
    5. Click OK repeatedly until you have closed all dialog boxes.

Step 3: Configure Proxy 2

Configure the firewall rules for Proxy 2 to block incoming connections from Proxy 1, restrict connections from the client, and then force the outgoing connection to the CommServe computer through Proxy 1.

  1. Under Client Computers, right-click Proxy 2 > Properties, and then click Network.
  2. On the Firewall Configuration tab, select Configure Firewall Settings.
  3. Select Advanced, then click OK.
  4. Block incoming connections from Proxy 1:
    1. On the Incoming Connections tab, click Add.
    2. Click the From list, then select the client name for your Proxy 1 server.
    3. Click the State list, then select BLOCKED.
    4. Click OK.
  5. Restrict incoming connections from the client:
    1. Click Add.
    2. Click the From list, then select the name of your client.
    3. Click the State list, then select RESTRICTED.
    4. Click OK.
  6. Force outgoing connections to the CommServe host through Proxy 1, into the tunnel:
    1. Click the Outgoing Connections tab, then click Add.
    2. Click the Remote Group/Client list, then select your CommServe client.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. Under Proxy Settings, click the Remote Proxy list, then select the client name for your Proxy 1 server.
    5. Click OK repeatedly until you have closed all dialog boxes.

Step 4: Configure Proxy 3

Configure the firewall rules for Proxy 3 to restrict incoming connections from both the CommServe computer and from Proxy 4, and then force the outgoing connection to the client through Proxy 4.

  1. Under Client Computers, right-click the Proxy 3 > Properties, and then click Network.
  2. On the Firewall Configuration tab, select Configure Firewall Settings.
  3. Select Advanced, then click OK.
  4. Restrict incoming connections from the CommServe host:
    1. On the Incoming Connections tab, click Add.
    2. Click the From list, then select the client name for your CommServe host.
    3. Click the State list, then select RESTRICTED.
    4. Click OK.
  5. Restrict incoming connections from Proxy 4:
    1. Click Add.
    2. Click the From list, then select the client name for your Proxy 4 server.
    3. Click the State list, then select RESTRICTED.
    4. Click OK.
  6. Force outgoing connections to the client through Proxy 4, into the tunnel:
    1. Click the Outgoing Connections tab, then click Add.
    2. Click the Remote Group/Client list, then select your client name.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. Click the Proxy Settings > Remote Proxy list, then select the client name for your Proxy 4 server.
    5. Click OK repeatedly until you have closed all dialog boxes.

Step 5: Configure Proxy 4

Configure the firewall rules for Proxy 4 to block incoming connections from Proxy 3, restrict connections from the client, and then force the outgoing connection to the CommServe computer through Proxy 3.

  1. Under Client Computers, right-click the Proxy 4 > Properties, and then click Network.
  2. On the Firewall Configuration tab, select Configure Firewall Settings.
  3. Select Advanced, then click OK.
  4. Block incoming connections from Proxy 3:
    1. On the Incoming Connections tab, click Add.
    2. Click the From list, then select the client name for your Proxy 3 server.
    3. Click the State list, then select BLOCKED.
    4. Click OK.
  5. Restrict incoming connections from the client:
    1. Click Add.
    2. Click the From list, then select the name of your client.
    3. Click the State list, then select RESTRICTED.
    4. Click OK.
  6. Force outgoing connections to the CommServe host through Proxy 3, into the tunnel:
    1. Click the Outgoing Connections tab, then click Add.
    2. Click the Remote Group/Client list, then select your CommServe client.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. Under Proxy Settings, click the Remote Proxy list, then select the client name for your Proxy 3 server.
    5. Click OK repeatedly until you have closed all dialog boxes.

Step 6: Configure the Client

Configure the firewall rules on the client as follows:

  • Block incoming connections from Proxy 2, and then force outgoing connections through the VPN tunnel to Proxy 1 to go through Proxy 2, and to the CommServe computer through Proxy 2.
  • Block incoming connections from Proxy 4, and then force outgoing connections through the VPN tunnel to Proxy 3 to go through Proxy 4, and to the CommServe computer through Proxy 4.

Complete the following steps:

  1. Expand Client Computers, right-click the client > Properties, and then click Network.
  2. On the Firewall Configuration tab, select Configure Firewall Settings.
  3. Block incoming connections from Proxy 2:
    1. On the Incoming Connections tab, click Add.
    2. Click the From list, then select the client name for your Proxy 2 server.
    3. Click the State list, then select BLOCKED.
    4. Click OK.
  4. Force outgoing connections to Proxy 1 that come through Proxy 2 into the tunnel:
    1. Click the Outgoing Routes tab, then click Add.
    2. Click the Remote Group/Client list, then select the client name for your Proxy 1 server.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. In the Proxy Settings area, click the Remote Proxy list, then select the client name for your Proxy 2 server.
    5. Click OK.
  5. Force outgoing connections to the CommServe client that come through Proxy 2 into the tunnel:
    1. Click Add.
    2. Click the Remote Group/Client list, then select the client name.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. Click the Proxy Settings > Remote Proxy list, then select the client name for your Proxy 2 server. a. Click OK repeatedly until you have closed all dialog boxes.
  6. Block incoming connections from Proxy 3:
    1. On the Incoming Connections tab, click Add.
    2. Click the From list, then select the client name for your Proxy 3 server.
    3. Click the State list, then select BLOCKED.
    4. Click OK.
  7. Force outgoing connections to Proxy 1 that come through Proxy 2 into the tunnel:
    1. Click the Outgoing Routes tab, then click Add.
    2. Click the Remote Group/Client list, then select the client name for your Proxy 1 server.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. In the Proxy Settings area, click the Remote Proxy list, then select the client name for your Proxy 2 server.
    5. Click OK.
  8. Force outgoing connections to the CommServe client that come through Proxy 4 into the tunnel:
    1. Click Add.
    2. Click the Remote Group/Client list, then select the CommServe client name.
    3. Under Route Type, select Via Proxy. Note that Force all data (along with control) traffic into the tunnel is automatically selected also.
    4. Click the Proxy Settings > Remote Proxy list, then select the client name for your Proxy 4 server.
    5. Click OK repeatedly until you have closed all dialog boxes.

Step 7: Push the Firewall Configurations

Push the firewall configuration in the following order:

  1. Client
  2. Proxy 4
  3. Proxy 3
  4. Proxy 2
  5. Proxy 1
  6. CommServe computer

To push the firewall configuration, right-click the CommCell entity from the CommCell Browser, and then click All Tasks > Push Firewall Configuration.

What to Do Next

Configure the topology by setting up multiple connection routes through the parallel proxies as described in Configuring Multiple Connection Routes.