Skip to main content
Solved

Firewall Configuration for RHEV


Kamil W
Commvault Certified Expert
Forum|alt.badge.img+11
  • Commvault Certified Expert
  • 83 replies

Hello Guys,

 

I need your help.

 

I am deplying a VM protection (Red Hat Enterprise Virtualization) in the Customer’s environment.

The Customer has the following configuration:

 

 

CS and MA are located outside of Internal Network.

RHEV Manager Server is located behind the Firewall.

VSA Proxy is a part of the RHEV environment (VM running Linux OS)

 

I created a Client Group called ‘DMZ’, then I put the VSA proxy to this group.

I also set the Network Route for DMZ group as follows:

  • From Infastructure Group - Blocked

Then I set the Network Route for Infastructure group as follows:

  • From DMZ Group - Restricted (port 8403)

 

Is anything alse that I need to do to create a RHEV pseudo-client?

Do you think that this Firewall configuration should work or maybe I should set the Firewall in different way?

 

Rgds,

Kamil

Best answer by MichaelCapon

Hey Kamil,

 

From your description and diagram, it looks like this should work as intended.
Setting Infra as blocked will force the VSA (In DMZ Group) to initiate the tunnel connection on 8403 to the Infrastructure Group servers (CS and MA).

 

Best Regards,

Michael

View original
Did this answer your question?

3 replies

MichaelCapon
Vaulter
Forum|alt.badge.img+14
  • Vaulter
  • 349 replies
  • Answer
  • July 29, 2021

Hey Kamil,

 

From your description and diagram, it looks like this should work as intended.
Setting Infra as blocked will force the VSA (In DMZ Group) to initiate the tunnel connection on 8403 to the Infrastructure Group servers (CS and MA).

 

Best Regards,

Michael


Kamil W
Commvault Certified Expert
Forum|alt.badge.img+11
  • Author
  • Commvault Certified Expert
  • 83 replies
  • July 29, 2021

Many thanks, @MichaelCapon .

 

Rgds,

Kamil


Damian Andre
Vaulter
Forum|alt.badge.img+23

 


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings