Network topology with custom port

Question

Hi Vaulters,

In order to implement a Vault site which will contain one MediaAgent in it, we wanted to restrict the communication of this MediaAgent to only the CS + MAs in Prod site and make connection only be established through the Vault site.

To make things even securised, we wanted to use a dedicated port for the Vault MA unstead of the defaults 8400/8403.

Seems this can be achived through One-Way network topology while setting : Vault MA → Prod CS/MAs.

But not sure about the customized port to be used, as from OS/Network perspective only the custom port will be allowed between the Vault MA and Prod CS/MAs. Should the custom port be set in the below screenshot during topology creation or set as an additional setting in the Vault MA (nCVDPORT) or both ? How to let CV know that the communication will only be established by the Vault MA and use a defined port ?

This is a bit confusing.

Thanks in advance.

Jace Ross · Answer

Hi Sys Engineer,You have the right idea.8400 and 8403 serve different purposes.8400 is your CVD port, it’s your initiation connections, your requests between servers, etc.8403 is your tunnel port, this is what is transporting data.So you can use both settings you’ve mentioned and at the end of it you will have 2 customports.However if you want a single port you will need to usenCLNT_FORCE_TUNNELhttps://documentation.commvault.com/11.40/software/enabling_and_encrypting_automatic_tunneling.htmlHope this helps,

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded