I have my Commserve on internal network while my media agent server on a restricted network. From internal to restricted network, there is no restriction. From restricted network to internal, it's all closed by default. Commserve needs to be able to communicate with the media server to tell it to perform backups, I thought one-way firewall from Commserve to the media agent server would work. However, Commvault support told me even with such one-way firewall setup, I must open port 8400 from the media server to the Commserve (so MA can initiate communication to Commserve:8400) in order for them to communicate successfully. I am puzzled because in that case, one-way firewall is really not one-way them. I am under the impression that one-way firewall means Commserve initiate all the communication to the media agent server.
Am I wrong on this?