Support of Network Address Translation (NAT) Communication Through a Firewall

Article ID: NWK0003

Reference

When CommCell components are separated by a firewall, the components must be configured with a connection route to reach each other across the firewall. In most scenarios, hosts behind the firewall are in a private or trusted network and communicate through the firewall to the public or untrusted network using a common network IP address. This is called Network Address Translation (NAT). Communication between public and private hosts using a single public IP address is managed by assigning a unique port number to each host/service.

For example, the Commvault firewall incoming port on a CommServe (CS) in a private network, 10.0.0.5:8403, may be mapped to a public address and port number of 172.50.0.7:9250. All public hosts connect to the gateway / NAT box on 172.50.0.7:9250, and the traffic is forwarded to the CommServe on 10.0.0.5:8403. The destination host address is encapsulated within the port-forwarded traffic.
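The check below is an added example, not Commvault code: it models a gateway's port-forward table and verifies the property described above, that each public port maps to exactly one private host/service. The rule-line format, the function names, and every sample row except the article's 172.50.0.7:9250 mapping are assumptions made for illustration.

```python
import ipaddress

# Constructed sample table, one "public_ip:port -> private_ip:port" per line.
# Line 1 is the mapping from the article; the other lines are made up.
SAMPLE_RULES = """\
172.50.0.7:9250 -> 10.0.0.5:8403
172.50.0.7:9251 -> 10.0.0.6:8403
172.50.0.7:9250 -> 10.0.0.9:8403
172.50.0.7:9252 -> 172.50.0.20:8403
"""

def parse_endpoint(text):
    """Split 'ip:port' into (ip_address, port); ValueError if malformed."""
    host, _, port = text.strip().rpartition(":")
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    return ipaddress.ip_address(host), port

def load_forwards(rules):
    """Return (table, problems); table maps public endpoint -> private endpoint."""
    table, problems = {}, []
    for lineno, line in enumerate(rules.splitlines(), 1):
        if not line.strip():
            continue
        try:
            public_text, private_text = line.split("->")
            public = parse_endpoint(public_text)
            private = parse_endpoint(private_text)
        except ValueError as exc:
            problems.append(f"line {lineno}: malformed rule ({exc})")
            continue
        if public in table:
            # Two services behind one public port: the gateway cannot tell them apart.
            problems.append(f"line {lineno}: public port {public[1]} "
                            f"already forwarded to {table[public][0]}")
        elif not private[0].is_private:
            problems.append(f"line {lineno}: target {private[0]} is not a private address")
        else:
            table[public] = private
    return table, problems

def translate(table, dst_ip, dst_port):
    """Destination rewrite the gateway applies; None means no forward exists."""
    hit = table.get((ipaddress.ip_address(dst_ip), dst_port))
    return f"{hit[0]}:{hit[1]}" if hit else None

if __name__ == "__main__":
    table, problems = load_forwards(SAMPLE_RULES)
    print(translate(table, "172.50.0.7", 9250))
    print("\n".join(problems))
```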

A port-forwarding gateway is a firewall router configured to handle Network Address Translation (NAT) traffic. Below is an example of a port-forwarding gateway firewall configuration.

The above diagram depicts a common “gateway” firewall configuration. Trusted networks use private IP addresses to communicate within their trusted environment. Communication between the trusted networks over an untrusted network uses a single public IP address. Data traffic between hosts across the untrusted network is port-forwarded by the gateway routers.

If a port-forwarding device is not available or desired, you can enable use of a Commvault Proxy host in a perimeter network (DMZ) to route traffic between trusted and untrusted networks.

For more information see:

Firewall: Operating Through a Port-Forwarding Gateway

Firewall: Perimeter Network Using Commvault Proxy