We have a few laptop clients which we wish to back up using Commvault endpoint protection. There is a firewall between the CV infra servers and the laptop network, and ports 8400 & 8403 are opened on the firewall. A one-way network topology has been configured with the "data forced to tunnel" option, but it is still using dynamic ports to send the traffic to CommCell components. There is no network gateway between them as it is a tiny setup.
Best answer by Jaspreet
You have defined both a network topology and additionally network rules on the client group.
On the Outgoing Rules tab on the Laptop Clients group, are there any additional ports configured?
If you have remote laptops, sending data via the internet into the Commvault infra, then I would recommend encrypting that traffic, using Encrypted tunnels.
Here’s the documentation link for reference:
Thanks for your response. No additional ports are configured on outgoing rules tab.
All the laptops are in the corporate network; no laptop will connect from the internet.
Using network topologies, we can restrict the backup/restore operation to specific ports rather than using dynamic ports, i.e. 8403 in this case. Is my understanding correct?
What further configuration should I do or check to make it work?
An out-of-context question: what would the setup be like in case a laptop needs to connect from the internet?
I did try specifying additional ports, but it is still using the same dynamic ports.
If I open dynamic ports on the firewall, the client registration and backup work fine. If I close the dynamic ports at the firewall, the client doesn't even get registered.
Is it really possible to restrict the backup/restore operations data to specific ports? I have also tried placing a network gateway proxy, assuming the CS & gateway proxy will communicate on port 8403 and laptop clients can communicate using dynamic ports with the gateway proxy on port 8403.
Can you create an incident and share the number with me for tracking?
Appreciate the update!