Setting up a One-Way Firewall (Server to Client) Using a Predefined Firewall Topology
You can create a topology instance where members of one client group can establish a connection to members in another client group.
Use this configuration on firewall environments where one or more server computers, such as the CommServe computer or MediaAgent, initiate connections to the client.
Before You Begin
- Make sure that the client groups that you want to use in the firewall topology instance are already defined in the CommCell Console.
- You must have Administrative Management permissions on the client groups that you plan to use in the firewall topology instance.
- From the CommCell Browser, right-click Firewall Topologies > New Topology.
The Firewall Topology dialog box is displayed.
- In the Topology Name box, enter a name for this instance of a one-way firewall.
- Optional: In the Description box, enter a description for this topology.
- For Topology Type, click One-Way.
- From the Infrastructure Client Group list, select the client group that will initiate connections with members of the DMZ Client Group.
- From the DMZ Client Group list, select a client group that will receive connection requests from members of the Infrastructure Client Group.
- Click OK.
What to Do Next
- Create a placeholder for the client that will receive connections from the CommServe computer:
Tip: If you need to create multiple placeholders, run the Client Certificate Administration Workflow.
From the CommCell Browser, right-click the Client Computers node, then click New Client > File System > [Windows or Unix].
- In the New Windows Client window, enter a Client Name and Host Name for the proxy computer. These details will also be used during your Commvault proxy installation.
- Click Next.
- Confirm the information shown under Summary, then click Finish.
- Add the placeholder client to the DMZ client group that you specified in the firewall topology:
- From the CommCell Browser, expand Client Computer Groups, right-click the DMZ_client_group and then click Properties.
- In the properties dialog box, select the placeholder client from the All clients list, click Include >, and then click OK.
- Push the firewall configuration on the trusted client group, the placeholder client, the CommServe computer, and the MediaAgent computer. For example:
- From the CommCell Browser, expand Client Computer Groups, right-click the DMZ_client_group and then click All Tasks > Push Firewall Configuration.
- When the Warning dialog box appears, click Continue.
A notification appears indicating that the push firewall operation was successful. Click OK to close the notification.
- Install the Commvault software on the placeholder client.
For firewall instructions during the installation, see Setting Up Direct Connections from the CommServe Computer to the Client.
- From the CommCell Browser, right-click the firewall topology that you configured, click Push Firewall Configurations, and then click OK.