Select one of the following options for firewall configuration:
Client/MediaAgent can reach the CommServe
CommServe can reach the Client/MediaAgent
Client/MediaAgent and CommServe can reach each other
CommServe can be Reached through a Port Forwarding Gateway
CommServe can be Reached through a Proxy
Before configuring firewall options, ensure to setup connection to the CommServe as described in the Client Connects to the CommServe (One-Way Firewall) procedure.
Use the following procedure when the Client/MediaAgent can reach the CommServe.
1. | Type 1 to select This machine can open connection to CommServe on tunnel port and press Enter to continue. |
Please specify now how your firewall is
limiting network traffic. Whether it's possible to open connection from here to
a CommServe's tunnel port, whether all connections toward CommServe are blocked,
and we should instead expect CommServe to connect back to us, or whether there
is a proxy in between. 1) This machine can open connection to CommServe on a tunnel port 2) CommServe can open connections toward us 3) CommServe is reachable only through a proxy Your choice: [1] |
||
2. | Enter the name of the CommServe computer. Press Enter to continue.
|
Please specify client name of the
CommServe below. CommServe Client Name: |
||
3. | Enter the fully qualified name or the IP address of the
CommServe in the CommServe Host Name. This should be TCP/IP network
name. e.g., computer.company.com. Press Enter to continue.
|
Please specify hostname of the
CommServe below. Make sure the hostname is fully qualified, resolvable
by the name services configured on this machine. If there is a
port-forwarding Gateway in front of the CommServe, enter hostname or IP
address of the Gateway here. CommServe Host Name: |
||
4. | Type the incoming port number through which the CommServe
computer receives tunnel connection. Press Enter to continue. |
Please specify the port number, on which
we should open tunnel connections toward the CommServe. This is same as "Tunnel
HTTP/HTTPS port" configurable in the "Incoming Ports" tab of the CommServe
Firewall Properties adjusted for a possible port-mapping Gateway in front of it. CommServe HTTP/HTTPS tunnel port number: 8500 |
||
5. |
|
If there is an HTTP proxy
between this client and the CommServe (e.g. Squid or Apache), please provide
HTTP Proxy configuration below. Is there an HTTP proxy between this client and the CommServe? [no] |
||
6. | If the CommCell is in the Lockdown mode, enter Yes
and provide the path to the folder in the which the CommCell HTTPS certificate
are available.
Press Enter to continue installation. |
If you have checked "Lockdown
CommCell" in firewall properties of the CommServe or Proxy, you need to
provide path to the directory with CommCell HTTPS certificate below. This certificate can be obtained by right-clicking CommServe name in the Java GUI, and selecting All Tasks -> Export Firewall Certificate popup menu item. Have you enabled "Lockdown CommCell"? [no] |
Before configuring firewall options, ensure to setup connection to the CommServe as described in the CommServe Connects to the Client (One-Way Firewall) procedure.
Use the following procedure when the CommServe can reach the Client/MediaAgent.
1. | Type 2 to select CommServe can open connection toward us option and press Enter to continue. |
Please specify now how your firewall is
limiting network traffic. Whether it's possible to open connection from here to
a CommServe's tunnel port, whether all connections toward CommServe are blocked,
and we should instead expect CommServe to connect back to us, or whether there
is a proxy in between. 1) This machine can open connection to CommServe on a tunnel port 2) CommServe can open connections toward us 3) CommServe is reachable only through a proxy Your choice: [1] |
||
2. | Enter the name of the CommServe computer. Press Enter to continue.
|
Please specify client name of the
CommServe below. CommServe Client Name: |
||
3. | Specify a local port number through which the Client/MediaAgent
will receive communication from the CommServe. Press Enter to continue. |
Since we cannot contact CommServe
directly, we will need to configure a reverse tunnel connection from the
CommServe to us. Please enter a local port number to listen on below, then go to
CommServe and create a persistent tunnel toward this client in the [outgoing]
section of FwConfigLocal.txt. When finished, return to this configuration
screen, and hit Enter to continue. Local HTTP/HTTPS tunnel port number: 8550 |
||
4. | If the CommCell is in the Lockdown mode, enter Yes
and provide the path to the folder in the which the CommCell HTTPS certificate
are available.
Press Enter to continue installation. |
If you have checked "Lockdown
CommCell" in firewall properties of the CommServe or Proxy, you need to
provide path to the directory with CommCell HTTPS certificate below. This certificate can be obtained by right-clicking CommServe name in the Java GUI, and selecting All Tasks -> Export Firewall Certificate popup menu item. Have you enabled "Lockdown CommCell"? [no] |
Before configuring firewall options, ensure to setup connection to the CommServe as described in the Client and CommServe Connect to each other (Two-Way Firewall) procedure.
Use the following procedure when the Client/MediaAgent and CommServe can reach each other.
1. | Type 1 to select This machine can open connection to CommServe on tunnel port and press Enter to continue. |
Please specify now how your firewall is
limiting network traffic. Whether it's possible to open connection from here to
a CommServe's tunnel port, whether all connections toward CommServe are blocked,
and we should instead expect CommServe to connect back to us, or whether there
is a proxy in between. 1) This machine can open connection to CommServe on a tunnel port 2) CommServe can open connections toward us 3) CommServe is reachable only through a proxy Your choice: [1] |
||
2. | Enter the name of the CommServe computer. Press Enter to continue.
|
Please specify client name of the
CommServe below. CommServe Client Name: |
||
3. | Enter the fully qualified name or the IP address of the
CommServe in the CommServe Host Name. This should be TCP/IP network
name. e.g., computer.company.com. Press Enter to continue.
|
Please specify hostname of the
CommServe below. Make sure the hostname is fully qualified, resolvable
by the name services configured on this machine. If there is a
port-forwarding Gateway in front of the CommServe, enter hostname or IP
address of the Gateway here. CommServe Host Name: |
||
4. | Type the incoming port number through which the CommServe
computer receives tunnel connection. Press Enter to continue. |
Please specify the port number, on which
we should open tunnel connections toward the CommServe. This is same as "Tunnel
HTTP/HTTPS port" configurable in the "Incoming Ports" tab of the CommServe
Firewall Properties adjusted for a possible port-mapping Gateway in front of it. CommServe HTTP/HTTPS tunnel port number: 8500 |
||
5. |
|
If there is an HTTP proxy
between this client and the CommServe (e.g. Squid or Apache), please provide
HTTP Proxy configuration below. Is there an HTTP proxy between this client and the CommServe? [no] |
||
6. | If the CommCell is in the Lockdown mode, enter Yes
and provide the path to the folder in the which the CommCell HTTPS certificate
are available.
Press Enter to continue installation. |
If you have checked "Lockdown
CommCell" in firewall properties of the CommServe or Proxy, you need to
provide path to the directory with CommCell HTTPS certificate below. This certificate can be obtained by right-clicking CommServe name in the Java GUI, and selecting All Tasks -> Export Firewall Certificate popup menu item. Have you enabled "Lockdown CommCell"? [no] |
Before configuring firewall options, ensure to configure the port-forwarding gateway and to setup connection to the CommServe as described in the Operating Through a Port-Forwarding Gateway procedure.
Use the following procedure when the Client/MediaAgent connects to the CommServe through a port forwarding gateway.
1. | Type 1 to select This machine can open connection to CommServe on tunnel port and press Enter to continue. |
Please specify now how your firewall is
limiting network traffic. Whether it's possible to open connection from here to
a CommServe's tunnel port, whether all connections toward CommServe are blocked,
and we should instead expect CommServe to connect back to us, or whether there
is a proxy in between. 1) This machine can open connection to CommServe on a tunnel port 2) CommServe can open connections toward us 3) CommServe is reachable only through a proxy Your choice: [1] |
||
2. | Enter the name of the CommServe computer. Press Enter to continue.
|
Please specify client name of the
CommServe below. CommServe Client Name: |
||
3. | If the CommServe is located in behind a port-forwarding
gateway, provide the hostname of the port-forwarding gateway e.g.,
gateway.gatewayservices.com. Press Enter to continue.
|
Please specify hostname of the CommServe below. Make sure the hostname is fully qualified, resolvable by the name services configured on this machine. If there is a port-forwarding Gateway in front of the CommServe, enter hostname or IP address of the Gateway here. | ||
4. | Type the incoming port number on the port-forwarding
gateway through which the CommServe computer can be reached. Press Enter to continue. |
Please specify the port number, on which
we should open tunnel connections toward the CommServe. This is same as "Tunnel
HTTP/HTTPS port" configurable in the "Incoming Ports" tab of the CommServe
Firewall Properties adjusted for a possible port-mapping Gateway in front of it. CommServe HTTP/HTTPS tunnel port number: 8500 |
||
5. |
|
If there is an HTTP proxy
between this client and the CommServe (e.g. Squid or Apache), please provide
HTTP Proxy configuration below. Is there an HTTP proxy between this client and the CommServe? [no] |
||
6. | If the CommCell is in the Lockdown mode, enter Yes
and provide the path to the folder in the which the CommCell HTTPS certificate
are available. NOTES:
Press Enter to continue installation. |
If you have checked "Lockdown
CommCell" in firewall properties of the CommServe or Proxy, you need to
provide path to the directory with CommCell HTTPS certificate below. This certificate can be obtained by right-clicking CommServe name in the Java GUI, and selecting All Tasks -> Export Firewall Certificate popup menu item. Have you enabled "Lockdown CommCell"? [no] |
Before configuring firewall options, ensure to setup the Calypso proxy as described in the Operating Through a DMZ Using Calypso Proxy procedure.
Use the following procedure when the client/MediaAgent connects to the CommServe through a proxy.
1. | Type 3 to select CommServe is reachable only through a proxy and press Enter to continue. |
Please specify now how your firewall is
limiting network traffic. Whether it's possible to open connection from here to
a CommServe's tunnel port, whether all connections toward CommServe are blocked,
and we should instead expect CommServe to connect back to us, or whether there
is a proxy in between. 1) This machine can open connection to CommServe on a tunnel port 2) CommServe can open connections toward us 3) CommServe is reachable only through a proxy Your choice: [1] |
||
2. | Enter the name of the CommServe computer. Press Enter to continue.
|
Please specify client name of the
CommServe below. CommServe Client Name: |
||
3. | Provide the following information:
Press Enter to continue. |
Please specify the name of IP address of
the proxy that should be used to reach the CommServe along with the port number,
on which the proxy is expecting connections. Proxy hostname or IP address: Proxy host name: Proxy HTTP/HTTPS tunnel port number: |
||
4. |
Press Enter to continue. |
If there is an HTTP proxy
between this client and the CommServe (e.g. Squid or Apache), please provide
HTTP proxy configuration below. Is there an HTTP proxy between this client and the CommServe? [no] |
||
5. | If the CommCell is in the Lockdown mode, enter Yes
and provide the path to the folder in the which the CommCell HTTPS certificate
are available.
Press Enter to continue installation. |
If you have checked "Lockdown
CommCell" in firewall properties of the CommServe or Proxy, you need to
provide path to the directory with CommCell HTTPS certificate below. This certificate can be obtained by right-clicking CommServe name in the Java GUI, and selecting All Tasks -? Export Firewall Certificate popup menu item. Have you enabled "Lockdown CommCell"? [no] |