Setup Firewall Without Proxy - Laptop Backup

Overview

Prepare CommCell

Firewall Using Proxy

Firewall Without Proxy

Create Installation Package

Web Access

SKIP THIS Page IF YOU ARE USING PROXY Server

Click to Continue.

When CommCell components are separated by a firewall, the components must be configured with the connection route to reach each other across the firewall. Once configured, the components seamlessly communicate across the firewall for all data management operations such as backup, browse, restore, etc.

The following sections explain the steps involved in operating the direct connection setup, where the client opens tunnel connection toward the CommServe and the MediaAgent:

Configure Firewall On CommServe
Configure Firewall On MediaAgent
Configure Firewall On Client Group

Before You Begin

Review the following considerations before you begin:

Make a note of the port configuration on your firewall and substitute them appropriately in the following instructions.
Microsoft Internet Information Services (IIS) uses port number 443 by default. So if you have IIS running on a computer, then you will not be able to use port 443 for firewall configuration on that computer.

Configure Firewall On CommServe

1.	From the CommCell Console, right-click the CommServe computer and click Properties.
2.	Click the Firewall Configuration tab. Select Configure Firewall Settings box. Click Add.
3.	From the From list, click the Laptop Backup client group. From the State list, click Restricted. Click OK.
4.	Click Incoming Port tab.
5.	Select Listen for tunnel connection on port box and type or select the port number on which the incoming tunnel connection is received. Click Options tab.
6.	In the Keep-alive Interval, seconds box modify the value to 86400 (24 hours). In the Tunnel Init Interval, seconds box, modify the value to 10. Click OK.
7.	From the CommCell Browser, right-click the CommServe computer, point All Tasks and then click Push Firewall Configuration.
8.	Click Continue.
9.	The specified configuration is saved. The firewall configuration was pushed successfully.

Configure Firewall on MediaAgent

Skip this Section if MediaAgent is Same As CommServe.

10.	From the CommCell Console, navigate to Storage-Resource \| MediaAgents, select and right-click <media_agent> and then click Properties.
11.	Click Firewall Configuration tab. Select Configure Firewall Settings box. Click Add.
12.	From the From list, click the Laptop Backup client group. From the State list, click Restricted. Click OK.
13.	Click the Incoming Ports tab.
14.	Select Listen for tunnel connection on port box and type or select the port number on which the incoming tunnel connection is received. Click Options tab.
15.	In the Keep-alive Interval, seconds box modify the value to 86400 (24 hours). In the Tunnel Init Interval, seconds box, modify the value to 10. Click OK.
16.	From the CommCell Console, navigate to Storage-Resource \| MediaAgents. Right-click the <media_agent> and then click Push Firewall Configuration.
17.	Click Continue.
18.	The specified configuration is saved. The firewall configuration was pushed successfully.

Configure Firewall On Client Group

19.

From CommCell Browser, navigate to Client Computer Groups.
Right-click the Laptop Backup group and then click Properties.

20.

Click Firewall Configuration tab.
Select Enable Firewall Configuration box.
Click Add.

21.

From the From list, click the name of the CommServe computer.
From the State list, click Blocked, since the CommServe cannot open connections to the Client.
Click OK.

22.

If you have not configured the firewall on MediaAgent, skip this step.
If you have configured firewall on MediaAgent, follow this steps:
- From the From list, click the name of the MediaAgent computer.
- From the State list, click Blocked, since the MediaAgent cannot open connections to the Client.
- Click OK.

23.

Click the Outgoing Routes tab.

Click Add.

24.

From the Remote Group/Client list, select CommServe name.
From the Route Type, click Direct.
From the Tunnel Connection Protocol, click HTTPS.
Click OK.

If MediaAgent is installed on separate computer, repeat the steps described above and select the MediaAgent in the Remote Group/Client list.

25.

Click Options Tab.
In the Keep-alive Interval, seconds box modify the value to 86400 (24 hours).
In the Tunnel Init Interval, seconds box, modify the value to 10.
Click Network Throttling tab.

26.

Select Enable Network Throttling checkbox.
In Remote Clients or Client Group, select the Media Agent designated for this Client Group.
Click Add to setup throttling rules.

27.

Specify the following and then click OK.

Days of Week - select a day or multiple days for the schedule to run.
Time Interval - select Whole day or a specific time interval for the schedule to run.
Throttling Rate - select Throttle Send and Throttle Receive rate and enter values.

28.

The newly added throttling rules will be displayed in Throttling Schedule.

Click OK.

29.

From the CommCell Browser, navigate to Client Computer Groups.
Right-click the Laptop Backup group and point All Tasks and then click Push Firewall Configuration.

30.

Click Continue.

31.

The specified configuration is saved.

The firewall configuration was pushed successfully.

32.

The newly added clients will automatically be registered in the client group and will hence inherit the firewall settings established in the client group.