Solved

Trafic between cascading network proxy

  • 14 September 2021
  • 5 replies
  • 173 views

Badge +4

We are currently having Commvault setup in Amazon. To our customers we are having a cascading Network proxy. Commvault is setting up a tunnel from the Network proxy in amazon to the network proxy at our customer site.

I would like to know what kind of traffic is being used between the two network proxies? (tunnel)
Is it save to send this traffic over the internet without VPN?

 

Thanks in advance!

icon

Best answer by Mike Struening RETIRED 27 September 2021, 23:09

View original

5 replies

Userlevel 7
Badge +19

@CVbackup if you enable the following setting than all traffic that is send into the tunnel is encrypted.

 

You can also enable it from the CommCell console as well. 

Badge +4

onno

 

Thanks! i will have look @ it.

Most of the time i use CommCell console.

Userlevel 7
Badge +19

This is the setting you are looking for….

 

Badge +4

I checked excryption is allready enabled. (see screenshot)

Question:
What kind of encryption is being ussed and what kind of tunnel is being setup?
HTTPS?


We are currently using a VPN connection to our customers; the network engineers are asking if we can send this directly over the internet? Whiteout a VPN connection.

Question:
Does anyone has expirience to send this directly over the internet without VPN connection?

 

 

 

Userlevel 7
Badge +23

@CVbackup , this document gives the details on each of the tunnel options:

https://documentation.commvault.com/11.24/expert/7375_configuring_outgoing_tunnel_connections.html

Specific to your selected option:

Encrypted

(HTTPS)

  • This protocol encrypts and authenticates the connections between CommCell components through Secure Socket Layer (SSL), similar to what happens when a web browser opens secure connections with https:// prefix.

  • Data and control traffic are transferred using HTTPS protocol.

Note: HTTPS and HTTPS tunnel traffic may be interrupted by a third-party security or traffic monitoring device. If such a device exists, make sure to add an exclusion from our traffic, or switch the tunnel protocol to Raw.

Reply