I got the following configuration:
Commvault SP14 HPK29
Commserve - 192.168.91.5
MA01 - 192.168.91.6
MA02 - 192.168.91.7
MA03 - 192.168.91.8
MA04 - 192.168.91.9
NetApp C-mode filer (ONTAP 9.5 something) - 192.168.91.10
Two restores servers:
CV-TST01 - File System Agent Installed - 192.168.91.11
CV-TST02 - File System Agent Installed - 192.168.95.20
All the IP Address of course is made up, just to show you all the commvault infrastructure, Netapp filer and 1st restore servers are on same VLAN (VLAN 91), and the other restore server on another one (VLAN 95).
Backing up NDMP 2 disk (Regular storage policy with one primary copy going to a disk library connected to the media agent by fiber through our SAN Switch).
1. Scenario 1:
restoring data from the backup to CV-TST01 through one of the media agent - works but using RPC High ports (49,000-65,535) - don't care because it is working fine
2. scenario 2:
Restoring data from backup to CV-TST02 doesn't work as our firewall blocks high ports traffic between media agents and clients, intentionally of course.
The only ports opened between clients and commserve\media agents are 8400-8655.
NDMP restores doesn't seem to honor the inside firewall topology configured in commvault.
3. scenario 3:
Restoring regular file system agent files (regular, not NDMP) to CV-TST02 works fine with the ports configured inside commvault network topology. 8400-8655 ports are honored.
Please help as I can't find any mention in BOL to why NDMP restores using high RPC ports and regular file system files restore do honor the commvault topology and succeed behind a firewall.