Enabling Firewall on HyperScale Edge

Firewall is automatically enabled on new installations of the HyperScale Edge node.

Firewall configuration divides the network into zones. A zone is a group of interfaces and services that share common rules to establish a secure boundary within the network and implement access control between the nodes. When you enable firewall, the CS registration and data protection interfaces are added to the default 'blocked' zone and the storage pool interface is added to a private 'cv_storage_ zone' in the firewall configuration.

Use the following procedure to enable firewall manually.

Procedure

1. Set the Backup Gateways associated with the HyperScale Edge node on Maintenance mode.

   For more information, see Setting the Backup Gateway on Maintenance Mode.

2. Log on to the HyperScale Edge node.

3. Navigate the following folder:

   # cd /opt/commvault/MediaAgent/task_manager

4. Run the following script:

   # ./cvmanager.py -t Configure_Firewall

   This will enable the necessary ports needed for the node, depending on your environment.

5. Verify that the firewall is enabled using the following command:

   # firewall-cmd --state

   This should display the state as running.

6. Verify that the Backup Gateway services are running using the following command:

   # commvault list

7. Check readiness of the HyperScale Edge node to make sure that it is ready.

8. Turn off the maintenance mode on Backup Gateways associated with the cluster.

   For more information, see Setting the Backup Gateway on Maintenance Mode.