Tried that but it didn't work at first. I managed to kinda get it to work using your key. To be clear, here are the steps I did so far:
1. Create an empty group (I named it "FW - Restricted")
2. On each server hosting Simpana server side services (Commserve, MAs, SRM Server, etc.), I modified the following firewall configuration properties:
- "Incoming Connections" tab: added the empty group and set the state to "RESTRICTED"
- "Incoming Ports" tab: added a range of open ports from 50002 to 50050 (port numbers can change obviously. So far the maximum number of ports used on our CS is 11 so you shouldn't need too many)
- "Options" tab: Enable the "Bind all services to open ports only" checkbox
3. On each server hosting Simpana server side services (Commserve, MAs, SRM Server, etc.), I modified the following registry key settings though the GUI:
- Key name: nBIND_OPEN_PORTS_ONLY
- Location: Firewall
- Type: REG_SZ
- Value: 1
Note that enabling the "Bind all services to open ports only" AND modifying the registry key to 1 were needed to get all services (cvd.exe, JobMgr.exe, AppMgrSvc.exe, MediaManager.exe, SRMServer.exe, etc.) to listen to a port in the range I wanted. If you do only one or the other, it doesn't work and all services will listen to random ports.
When I start a backup though, MediaManager.exe seem to open a connection to each clients and will listen to a random port per client. When I do a netstat, I can see that without any jobs running, it listens to port 50008 which is good. Only thing I need to do is figure out how to prevent the service to open random ports during backups and keep it, ideally, to 50008.
I'm guessing that would be done by putting every clients in my "FW - Restricted" group but that also mean that every time a new client is added, I'll need to add him to that group as well. Would be nice to have an option in the firewall settings to tell it that the rule applies to every clients and not only a group. Will test this and get back with the results.
Any other suggestions are welcome!