Need to open ort 8400 for one-way firewall?

Last post 10-01-2019, 3:34 AM by Marcus Rolim. 3 replies.
Sort Posts: Previous Next
  • Need to open ort 8400 for one-way firewall?
    Posted: 09-16-2019, 6:21 PM

    Hi,

     

    I have my Commserve on internal network while my media agent server on a restricted network. From internal to restricted network, there is no restriction. From restricted network to internal, it's all closed by default. Commserve needs to be able to communicate with the media server to tell it to perform backups, I thought one-way firewall from Commserve to the media agent server would work. However, Commvault support told me even with such one-way firewall setup, I must open port 8400 from the media server to the Commserve (so MA can initiate communication to Commserve:8400) in order for them to communicate successfully. I am puzzled because in that case, one-way firewall is really not one-way them. I am under the impression that one-way firewall means Commserve initiate all the communication to the media agent server.

    Am I wrong on this?

    thanks,

  • Re: Need to open ort 8400 for one-way firewall?
    Posted: 09-17-2019, 10:44 PM

    For one way communication between internal and restricted, set up a tunnelled connection instead, and by default this is 8403.  I also recommend increasing the number of tunnels per route for the data traffic https://documentation.commvault.com/commvault/v11/article?p=95277.htm.

  • Re: Need to open ort 8400 for one-way firewall?
    Posted: 09-18-2019, 9:53 AM
    • Aplynx is not online. Last active: 10-16-2019, 2:44 PM Liam
    • Top 10 Contributor
    • Joined on 05-04-2010
    • New Jersey
    • Master
    • Points 1,723

    One way at minimum needs 8400 and 8403 in the direction traffic is going.

    You can actually remove 8400 if you enable the option to send all data through the tunnel port in outgoing routes. 

  • Re: Need to open ort 8400 for one-way firewall?
    Posted: 10-01-2019, 3:34 AM

    Hi acpp,

    I believe the options my fellow Commvault specialists mention can be found on the following tab.

     

    Regards,

The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2019 Commvault | All Rights Reserved. | Legal | Privacy Policy