Entering Required Firewall Settings for the VSA with VMware

In an environment with firewalls, the vCenter, ESX servers, Virtual Server Agent, and MediaAgent must be able to communicate with each other. To ensure that all components can communicate through the firewall, ensure that the ports for web services (default: 443) and TCP/IP (default: 902) are opened for communication on each of these machines.

The following ports must be opened:

Port

Protocol

Description

From

To

443

SSL

The MediaAgent and VSA proxy communicate with the ESX server and vCenter through this port.

MediaAgent and VSA proxy

ESX server and vCenter

902

VMware NFC

The MediaAgent and VSA proxy communicate with the ESX server through this port.

MediaAgent and VSA proxy

ESX server

If the MediaAgent and VSA proxy are deployed on different machines, open these ports on both machines.

For more information, see "Port Requirements" in System Requirements for Virtual Server Agent with VMware.

Additional Port Requirements for 3dnfs Services

When a firewall is used, you must open additional ports on the firewall for all components that are used for features based on the 3dnfs service, such as live mount.

Note

These additional ports are not required for live browse or live file recovery.

These settings are required in addition to normal Commvault firewall configuration. The following components require open ports:

  • ESX server used to mount the snapshot

  • MediaAgent that has backup data (where the 3dnfs service is running)

    A File Recovery Enabler for Linux can serve as the MediaAgent for Linux VMs.

Note

If IPV6 support is enabled on the ESX server and the MediaAgent where 3dnfs is running, IPV6 will be used to communicate for browse and restore operations.

Port

Protocol

Description

From

To

2049 (TCP)

NFS

The 3dnfs server listens on this port for NFS remote procedure calls (RPCs). The ESX server connects to the 3dnfs server on this port.

ESX server

MediaAgent

MediaAgent

ESX server

111 (TCP+UDP)

SUN RPC PortMapper

This port is used by the ESX server to find the mount and NFS ports used by the MediaAgent.

ESX server

MediaAgent

MediaAgent

ESX server

User specified port (TCP)

Mount

The mount server runs on this port, and the ESX server mounts an NFS share using this port.

In a firewalled environment, you must open a fixed port in the firewall.

If no port is configured, a random port is used, and a different port might be used each time the service is restarted.

ESX server

MediaAgent

MediaAgent

ESX server

Procedure

Open all of the following ports:

  1. Open port 2049 for the TCP protocol.

  2. Open a user defined mount3 port for the TCP protocol. Create the nMount3Port additional setting on the MediaAgent where the 3dnfs service is running and specify any free port number as the value. After creating the additional setting, restart services.

  3. Open port 111 for both the TCP and UDP protocols.

For general information about Commvault network and port requirements, see the following pages:

Loading...