- Any machine the source machine would talk to when completing the task assigned.
- That’s likely because you previously configured the firewall\network configuration in Commvault to only use 8600-8650 as additional ports.
- 8400 and 8403 are default bi-directional ports. The remaining ephemeral ports are used dynamically during operations.
Thank you, but could you please be more precise? Sorry, but I do not understand your answers.
- What should I say to a network guy as Source and Destination?
- But do we need those additional ports 8600-8650 to be opened? OR what is the reason to use those additional ports?
- You wrote “8400 and 8403 are default bi-directional ports.” But again, what should I say to a network guy as Source and Destination?
Thanks
It’s essentially all the ephemeral ports, or you set which ports you are using alongside 8400/8403 and which direction (one way in\out or bidirectional) in the network configuration.
Sorry, not clear to me.
Could you, or someone else, please try to answer my questions above?
thanks
He answered the question; you just don’t understand him.
The documentation is also clear: all means all.
Clients, Media Agents, CommServe, proxies etc., i.e. ALL.
The simplest thing to tell your network guy is that for both source and destination ports you will need ports 8400 - 8403 to be open.
This should cover the default ports. Additional ports are just that, additional or user defined; they are not, strictly speaking, required by Commvault but can be configured optionally by the user.
Bidirectional means communication ports have to be open between both sides, i.e. source and destination.
My suggestion is to remove them since it will only complicate any interactions between you and your firewall guy.
Though I will say now is a nice time to ask, @Aplynx: what is the benefit of defining additional ports since they are not actually required?
Perhaps I am just stupid if I don’t understand!?
And if ALL means Clients, Media Agents, Commserve, VSA Proxies etc…, it should be clearly specified!
And what does it mean “All other network peers” in the Commvault table above?
A network guy always requires the following information:
Source IP | Source Port | Destination IP | Destination port | Protocol |
So, to take back the example above, please what should I put in his table?
Thanks
It is clearly specified, because that is what “ALL” means.
What other word would you choose to encompass every single Commvault entity that listens on its service ports?
Also, misunderstanding something doesn’t make you stupid. Language is a low-bandwidth method of communication and subject to personal interpretation; all it requires is patience and the understanding that miscommunication is easy.
It should be understood that the vast majority of people on this forum respond out of a sense of community. So be nice, it’s free.
OK, written communication is not always easy. Agree.
But we could avoid some misinterpretation with some sentences and as you wrote “Be nice next time, it’s free”. Case closed from my side.
It’s also generally easier to configure through groups: https://documentation.commvault.com/2022e/expert/7453_best_practices_for_network_routes.html
There should already be an infrastructure group that contains all media agents and the CommServe, so a very simple configuration would be to have a group with all the clients and then at the group level you add the infrastructure to the network configuration of the client group and the client group to the infrastructure’s network configuration.
In this simple configuration, by just having each group as a restricted connection in the other group’s network configuration, you have essentially curtailed all traffic to only use 8400 for communication (cvd) and 8403 for firewall (cvfwd). This is a very basic example.
@Aplynx That video is much better than I would have expected.
Video pretty much explains it all - Marking this as best answer!
For most configurations, if you open ports 8400-8403 bidirectionally between all servers/clients/components etc., that should be sufficient. Out of the box, Commvault tries to use ports in the dynamic/ephemeral port range which, if blocked, will force it to tunnel those connections over port 8403.
If 8403 is not open then backups/restores will fail. If you want to customize the tunnel port you can, but then you need to set up the network rules manually - you can then also specify a single direction if you like (i.e. only one side of the network connection will be responsible for establishing and maintaining the connection). But the easiest way to get most things working is to open up ports 8400-8403 bidirectionally.
There are some components which will require additional ports, for example if your webserver and webconsole installs are on different servers which have blocked ports.
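The group-to-group setup from the replies above, turned into the Source IP / Source Port / Destination IP / Destination port / Protocol rows a firewall team asks for. This is an added example, not part of the thread or of Commvault's tooling; the host names and addresses are constructed, and TCP with an "any" source port is an assumption the thread does not state.

```python
from ipaddress import ip_address
from itertools import product

# Ports the thread says to open: 8400 (cvd) through 8403 (cvfwd tunnel).
DEST_PORTS = "8400-8403"
PROTOCOL = "TCP"      # assumption: the thread does not name the protocol
SOURCE_PORT = "any"   # assumption: the initiating side picks an ephemeral source port

# Constructed sample inventory using documentation-range addresses.
INFRASTRUCTURE = {"commserve": "192.0.2.10", "mediaagent1": "192.0.2.20"}
CLIENTS = {"client1": "198.51.100.5", "client2": "198.51.100.6"}


def rule_rows(infrastructure, clients, initiator="both"):
    """Return sorted (src_ip, src_port, dst_ip, dst_port, protocol) rows.

    initiator: "both" (bidirectional), "clients" or "infrastructure"
    (one-way, only that group opens connections). Rows are generated only
    between the two groups, never client-to-client.
    """
    if initiator not in ("both", "clients", "infrastructure"):
        raise ValueError(f"unknown initiator: {initiator!r}")
    rows = set()
    for infra_ip, client_ip in product(infrastructure.values(), clients.values()):
        # Normalise and validate; a mistyped address raises ValueError here.
        infra_ip, client_ip = str(ip_address(infra_ip)), str(ip_address(client_ip))
        if initiator in ("both", "clients"):
            rows.add((client_ip, SOURCE_PORT, infra_ip, DEST_PORTS, PROTOCOL))
        if initiator in ("both", "infrastructure"):
            rows.add((infra_ip, SOURCE_PORT, client_ip, DEST_PORTS, PROTOCOL))
    return sorted(rows)


def missing_rows(required, granted):
    """Rows from the request that the firewall team has not opened yet."""
    granted = set(granted)
    return [row for row in required if row not in granted]


def as_table(rows):
    """Render rows in the column layout asked for in the thread."""
    header = "Source IP | Source Port | Destination IP | Destination port | Protocol |"
    return "\n".join([header] + [" | ".join(row) + " |" for row in rows])


if __name__ == "__main__":
    print(as_table(rule_rows(INFRASTRUCTURE, CLIENTS)))
```

Passing `initiator="clients"` or `initiator="infrastructure"` gives the one-way variant mentioned above, where only one side establishes the connection.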
Extremely poor documentation to refer to “All” and “All other network peers”.
Makes it hard to understand from networking perspective.