Support of Network Address Translation (NAT) Communication Through a Firewall
Article ID: NWK0003
When CommCell components are separated by a firewall, the components must be configured with a connection route to reach each other across the firewall. In most scenarios, hosts behind the firewall are in a private or trusted network and communicate through the firewall to the public or untrusted network using a common network IP address. This is called Network Address Translation (NAT). Communication between public and private hosts using a single public IP address is managed by assigning a unique port number to each host/service.
For example, the Commvault firewall incoming port on a CS in a private network, 10.0.0.5:8403, may be mapped to a public address and port number of 18.104.22.168:9250. All public hosts will connect to the gateway / NAT box on 22.214.171.124:9250, and the traffic will be forwarded to the CommServe on 10.0.0.5:8403. The destination host address will be encapsulated within the port-forwarded traffic.
A port-forwarding gateway is a firewall router configured to handle Network Address Translation (NAT) traffic. Below is an example of a port-forwarding gateway firewall configuration.
The above diagram depicts a common “gateway” firewall configuration. Trusted networks use private IP addresses to communicate within their trusted environment. Communication between the trusted networks over an untrusted network uses a single public IP address. Data traffic between hosts across the untrusted network is port-forwarded by the gateway routers.
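The port mapping described above can be checked before it is applied to a gateway. The following is an added example, not Commvault code or configuration: it validates a port-forward table (each public port unique, each target in an RFC 1918 private range) and renders the matching DNAT rules. It assumes a Linux gateway using iptables and TCP traffic; the public address 203.0.113.10 and the second table row are constructed, and only the 10.0.0.5:8403 to public port 9250 mapping comes from the article.

```python
import ipaddress

# Constructed sample table: (public_port, internal_host, internal_port).
# Row 1 is the article's mapping; row 2 and PUBLIC_IP are assumptions.
PUBLIC_IP = "203.0.113.10"  # documentation-range placeholder
FORWARDS = [
    (9250, "10.0.0.5", 8403),
    (9251, "10.0.0.6", 8403),
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate(forwards):
    """Return a list of problems; an empty list means the table is usable."""
    problems = []
    seen = {}  # public port -> first internal target that claimed it
    for pub_port, host, port in forwards:
        for p in (pub_port, port):
            if not 1 <= p <= 65535:
                problems.append(f"port {p} out of range")
        addr = ipaddress.ip_address(host)
        if not any(addr in net for net in RFC1918):
            problems.append(f"{host} is not an RFC 1918 private address")
        target = f"{host}:{port}"
        if pub_port in seen:
            # Two services behind one public port cannot be told apart.
            problems.append(
                f"public port {pub_port} maps to both {seen[pub_port]} and {target}")
        seen.setdefault(pub_port, target)
    return problems


def dnat_rules(public_ip, forwards):
    """Render one iptables DNAT rule per mapping, refusing an invalid table."""
    problems = validate(forwards)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        f"iptables -t nat -A PREROUTING -d {public_ip} -p tcp --dport {pub} "
        f"-j DNAT --to-destination {host}:{port}"
        for pub, host, port in forwards
    ]


if __name__ == "__main__":
    for rule in dnat_rules(PUBLIC_IP, FORWARDS):
        print(rule)
```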
If a port-forwarding device is not available or desired, you can enable the use of a Commvault Proxy host in a perimeter network (DMZ) to route traffic between trusted and untrusted networks.
For more information see: