Hello Jps666,
In a one-way topology, the direction of the persistent tunnel is defined from client A to client B. Once the tunnel has been established, it would be a constant tunnel from client A to the listening port on client B (8403).
https://documentation.commvault.com/commvault/v11_sp20/article?p=7172.htm
In a two-way connection, the initiator is the one establishing the connection needed for communication in a two-way on-demand configuration. So at the start of a Windows File System agent job, for example, the scan phase is started by the CommServe, so the CommServe will establish the tunnel to the client. This cannot be controlled, since this is an on-demand tunnel creation.
8403 is the firewall daemon port by default, so it would always need to be open on all clients within the environment. The incoming listening port can be changed to a different port if needed, but the firewall daemon will still listen on 8403 by default; that is by design.
So if you want the client to be listening on 8403, a one-way network design is recommended, with the tunnel from the CS/MA to the client, and the client accepting/listening for connections on the incoming port.
Hope that helps clarify a few things.
Hello team.
Thank you for the explanation.
But one more question:
There is a "bind all services to open ports" checkbox in the Options tab of Network Route Settings. What does it do in a one-way or two-way direct configuration? As I understand it, once a tunnel is established, any Commvault-related communication is limited to the tunnel, so what would I choose this option for?
Similarly, another option, "force all data (along with control) traffic into tunnel", seems strange to me for the same reasons as mentioned before.
Many thanks for helping me understand.
Hi @jps666 ,
Network properties have an ‘Additional ports’ section which accepts the port range that is open between machines.
https://documentation.commvault.com/commvault/v11_sp20/article?p=7394.htm
There are 2 use cases with these additional ports.
- The 'Bind all services to open ports' option uses these additional ports and enables the services running on a machine to listen only on these ports. This is usually used when someone wants to restrict the listening ports on a machine to a certain port range so as not to conflict with some other application.
https://documentation.commvault.com/commvault/v11_sp20/article?p=7353.htm
- A one-way or two-way configuration uses the tunnel port (in a port-restricted environment where one or only a few ports are open) for all communication between the configured machines. When additional ports on the remote machine are open, it will bypass the tunnel port and connect directly to the remote port when required. 'Force all data (along with control) traffic into tunnel' will force the communication over the tunnel port even though additional ports are open.
Thanks
Prakash
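The two explanations above (tunnel direction and the 8403 firewall daemon port in the first reply, additional ports and the "force all traffic into tunnel" option in the second) can be turned into a small model of which inbound firewall rules a route actually needs, which is useful when reviewing a least-privilege allow list. The script below is an added example written for this thread, not Commvault code or documentation; the `Route` class, the `required_allow_rules` derivation and the host names `cs01`/`client01` are the editor's own assumptions about how the thread's description maps to rules, and `tcp_listener_reachable` is a generic TCP connect check, not a Commvault tool.

```python
"""Model of the inbound firewall rules a Commvault-style network route needs.

Editor's example based on the forum thread above; the rule derivation is an
interpretation of the thread, not Commvault's implementation. It assumes:
  - a one-way route needs the tunnel port open only on the listening side;
  - a two-way (on-demand) route needs the tunnel port open on both sides,
    because either side may initiate;
  - additional open ports are connected to directly, bypassing the tunnel,
    unless "force all data (along with control) traffic into tunnel" is set.
"""
from dataclasses import dataclass, field
import socket

DEFAULT_TUNNEL_PORT = 8403  # firewall daemon port named in the thread


@dataclass(frozen=True)
class Route:
    initiator: str                  # host that opens the persistent tunnel (e.g. CS/MA)
    listener: str                   # host accepting the tunnel on tunnel_port
    tunnel_port: int = DEFAULT_TUNNEL_PORT
    two_way: bool = False           # on-demand tunnels may start from either side
    additional_ports: dict = field(default_factory=dict)  # host -> set of open ports
    force_into_tunnel: bool = False # "force all data (along with control) traffic into tunnel"


def required_allow_rules(route):
    """Return the set of (source_host, dest_host, dest_port) tuples that must be
    permitted inbound for this route, under the assumptions documented above."""
    rules = set()
    # Tunnel port: the initiator always connects to the listener's tunnel port.
    rules.add((route.initiator, route.listener, route.tunnel_port))
    if route.two_way:
        # Either side may bring up an on-demand tunnel, so both need the port open.
        rules.add((route.listener, route.initiator, route.tunnel_port))
    # Additional ports matter only when traffic is allowed to bypass the tunnel.
    if not route.force_into_tunnel:
        for host, ports in route.additional_ports.items():
            peer = route.listener if host == route.initiator else route.initiator
            for port in ports:
                rules.add((peer, host, port))
    return rules


def tcp_listener_reachable(host, port, timeout=2.0):
    """Generic check that something accepts TCP connections on host:port.
    Use it from the initiating side to confirm the listener's tunnel port is
    open before troubleshooting the route itself."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def start_local_listener():
    """Open a loopback listener on an ephemeral port (used for self-testing
    tcp_listener_reachable without any real client). Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed example: CS/MA initiates a one-way tunnel to a client that
    # also has two additional ports open.
    route = Route("cs01", "client01", additional_ports={"client01": {8400, 8402}})
    for rule in sorted(required_allow_rules(route)):
        print("allow %s -> %s:%d" % rule)
    forced = Route("cs01", "client01", additional_ports={"client01": {8400, 8402}},
                   force_into_tunnel=True)
    print("with force-into-tunnel:", sorted(required_allow_rules(forced)))
    srv, port = start_local_listener()
    print("local listener reachable:", tcp_listener_reachable("127.0.0.1", port))
    srv.close()
```

Running it shows the practical difference the second reply describes: with additional ports open and the force option off, the client needs 8400 and 8402 allowed inbound in addition to 8403; with the option on, only the tunnel port rule remains, and a two-way route adds the reverse 8403 rule because the CommServe side must also accept an on-demand tunnel.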