Network zoning adds security checks for connections that are attempted via network gateways. Commvault embeds cryptographically-protected identification numbers (called ZoneID numbers) into the certificates of each computer in the CommCell Console.
When a computer attempts to connect to a peer via a network gateway, the peer looks at the computer's ZoneID and decides whether to accept the connection. The peer will reject the connection if the remote client belongs to a different tenant.
By default, the network zoning check is enabled, and it will not allow any cross-tenant communication.
To disable the network zoning check and allow communication between different tenants, you must create the nNO_ZONE_CHECKS additional setting at the client/client group level.
For more information, see Enabling and Disabling Network Zoning.