Re: NSX FIrewall Permitting Commvault Dynamic Port...

vmmedmed · ‎09-26-2017

Is there any way to have the NSX firewall dynamically allow access for commvault dynmic ports? I would like

to not open everything from 1024-65,whaterver. But if that's what's needed, gotta do what ya gotta do.

Dynamic Ports

Dynamic ports are opened and closed by the running Simpana software as required to permit certain types of transient traffic.

The GxCVD service dynamically uses free ports between 1024 and 65535 for communication during data protection and data recovery jobs. The system dynamically assigns a number of free ports to be used by each job to allow parallel data movement. Once the job is finished, if no other job is pending, the dynamic ports are released.

Services - FAQ

Sreec · ‎09-27-2017

I'm not really sure about a straight forward steps to achieve this. FW rules can be applied on static/dynamic objects,but in this case you are in need of rule itself to be dynamic. Most likely VRO would be the right candidate. Whenever data protection and data recovery jobs is about to start,if a workflow can run and configure a fw rule and delete the same after finishing the job that would do the trick.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

vmmedmed · ‎09-27-2017

Thank you for the reply. Can you point to a document that spells out this dynamic rule creation in VRO?

Sreec · ‎09-28-2017

Most likely this will require custom workflow. You will not see an inbuilt workflow since this is a unique use case.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

All

NSX FIrewall Permitting Commvault Dynamic Ports