Is there any way to have the NSX firewall dynamically allow access for commvault dynmic ports? I would like
to not open everything from 1024-65,whaterver. But if that's what's needed, gotta do what ya gotta do.
Dynamic ports are opened and closed by the running Simpana software as required to permit certain types of transient traffic.
The GxCVD service dynamically uses free ports between 1024 and 65535 for communication during data protection and data recovery jobs. The system dynamically assigns a number of free ports to be used by each job to allow parallel data movement. Once the job is finished, if no other job is pending, the dynamic ports are released.
I'm not really sure about a straight forward steps to achieve this. FW rules can be applied on static/dynamic objects,but in this case you are in need of rule itself to be dynamic. Most likely VRO would be the right candidate. Whenever data protection and data recovery jobs is about to start,if a workflow can run and configure a fw rule and delete the same after finishing the job that would do the trick.
Thank you for the reply. Can you point to a document that spells out this dynamic rule creation in VRO?
Most likely this will require custom workflow. You will not see an inbuilt workflow since this is a unique use case.