
Hello,

We have a few laptop clients which we wish to back up using Commvault endpoint protection. There is a firewall between the CV infra servers and the laptop network, and ports 8400 & 8403 are opened on the firewall. A one-way network topology has been configured with the data forced to tunnel option, but it is still using dynamic ports to send the traffic to CommCell components. There is no network gateway between them as it is a tiny setup.

Regards,

Jaspreet

Hi @Jaspreet 

You have defined both a network topology and additionally network rules on the client group.

On the Outgoing Rules tab on the Laptop Clients group, are there any additional ports configured?

If you have remote laptops, sending data via the internet into the Commvault infra, then I would recommend encrypting that traffic, using Encrypted tunnels.

Here’s the documentation link for reference:
https://documentation.commvault.com/11.24/expert/7172_direct_connections.html

Thanks,

Stuart


Hi @Stuart Painter 

Thanks for your response. No additional ports are configured on the outgoing rules tab.

All the laptops are in the corporate network; no laptop will connect from the internet.

Using network topologies, we can restrict the backup/restore operation to specific ports rather than using dynamic ports, i.e. 8403 in this case. Is my understanding correct?

What further configuration should I do or check to make it work?

Out-of-context question: what would the setup be like in case a laptop needs to connect from the internet?

Regards,

Jaspreet


@Jaspreet , you likely need additional ports for traffic, though I’m curious as to what errors you get when the backups run, or have you not tried yet?


Hi @Mike Struening,

I did try specifying additional ports, but it is still using the same dynamic ports.

If I open dynamic ports on the firewall, the client registration and backup work fine. If I close the dynamic ports at the firewall, the client doesn’t even get registered.

Is it really possible to restrict the backup/restore operations data to specific ports? I have also tried by placing a network gateway proxy assuming CS & Gateway proxy will communicate on port 8403 and laptop clients can communicate using dynamic ports with gateway proxy on port 8403.

Regards,

Jaspreet


@Jaspreet , it absolutely should be possible.  I suspect something is set up wrong on one end or the other, though the best way for us to see what’s going on is to get a support case created so someone can dive in deep and analyze the environment.

Can you create an incident and share the number with me for tracking?

Thanks!


@Jaspreet , following up to see if you had a chance to open a support case for this (or resolved it on your own).

Thanks!


@Mike Struening We have opened all dynamic ports from our internal endpoint networks to the CommCell components and it works. Without dynamic ports I couldn’t implement it, even by using the firewall gateway.


Appreciate the update!

