Veeam

Veeam 端口大全

2020年7月8日

有些Linux发行版需要手动创建防火墙和/或安全规则。有关详细信息,请参阅这篇Veeam知识库文章。 

汉化问题等有时间在处理吧~

你可以在下面找到端口的完整列表。

Backup Server Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with backup infrastructure components.

From To Protocol Port Notes

Virtualization Servers

Backup server

vCenter Server HTTPS TCP 443 Default port used for connections to vCenter Server.

If you use vCloud Director, make sure you open port 443 on underlying vCenter Servers.

HTTPS TCP 10443 Port used for communication with vCenter Server.

This port is not required for VMware Cloud on AWS.

ESXi server HTTPS TCP 443 Default port used for connections to ESXi host.
[For VMware vSphere earlier than 6.5] Not required if vCenter connection is used. In VMware vSphere versions 6.5 and later, port 443 is required by VMware web services.Note: When you configure firewalls, consider opening port 443 on ESXi hosts even if you add vCenter Server to the backup infrastructure. Port 443 may be required for backup and restore without vCenter Server, for example, if you back up a VM that hosts vCenter Server and restore it when vCenter Server is down.This port is not required for VMware Cloud on AWS.
TCP 902 Port used for data transfer to ESXi host.

This port is not required for VMware Cloud on AWS.

TCP 22 Port used as a control channel (only for jobs that use an ESXi target with the console agent enabled).

This port is not required for VMware Cloud on AWS.

vCloud Director HTTPS TCP 443 Default port used for connections to vCloud Director.

Other Servers

Backup server

Microsoft SQL Server hosting the Veeam Backup & Replication configuration database TCP 1433 Port used for communication with Microsoft SQL Server on which the Veeam Backup & Replication configuration database is deployed (if you use a Microsoft SQL Server default instance).

Additional ports may need to be open depending on your configuration. For more information, see Microsoft Docs.

DNS server with forward/reverse name resolution of all backup servers UDP 53 Port used for communication with the DNS Server.
Veeam Update Notification Server (dev.veeam.com) TCP 80 Default port used to download information about available updates from the Veeam Update Notification Server over the Internet.
Veeam License Update Server (autolk.veeam.com) TCP 443 Default port used for license auto-update.

Backup Server

Backup server

Backup server TCP 9501 Port used locally on the backup server for communication between Veeam Broker Service and Veeam services and components.

Remote Access

Management client PC (remote access)

Backup server TCP 3389 Default port used by the Remote Desktop Services. If you use third-party solutions to connect to the backup server, other ports may need to be open.

Veeam Backup & Replication Console Connections

The following table describes network ports that must be opened to ensure proper communication with the Veeam Backup & Replication console installed remotely.

From To Protocol Port Notes

Veeam Backup & Replication Console

Backup server TCP 9392 Port used by the Veeam Backup & Replication console to connect to the backup server.
TCP 10003 Port used by the Veeam Backup & Replication console to connect to the backup server only when managing the Veeam Cloud Connect infrastructure.
TCP 9396 Port used by the Veeam.Backup.UIService process for managing database connections.

Veeam Backup & Replication Console

Mount server (if the mount server is not located on the console) TCP 2500 to 3300* Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

Microsoft Windows Server Connections

The following table describes network ports that must be opened to ensure proper communication with Microsoft Windows servers.

Each Microsoft Windows server that is a backup infrastructure component or a machine for which you enable application-aware processing must have these ports opened. If you want to use the server as a backup infrastructure component, you must also open ports that the component role requires.

For example, if you assign the role of a backup proxy to your Microsoft Windows server, you must open ports listed below and also ports listed in the Backup Proxy Connections section.

The Microsoft Windows server that acts as an SMB file share requires only network ports listed below. The Microsoft Windows server that acts as an NFS file share requires network ports listed below and also ports listed in the NFS Repository Connections.

From To Protocol Port Notes

Backup server

Microsoft Windows server TCP
UDP
135,
137 to 139,
445
Ports required for deploying Veeam Backup & Replication components.

Backup proxy

TCP 6160 Default port used by the Veeam Installer Service.

Backup repository

TCP 2500 to 3300* Default range of ports used as data transmission channels and for collecting log files.

For every TCP connection that a job uses, one port from this range is assigned.

Gateway server

TCP 6161 [For Microsoft Windows servers running the vPower NFS Service] Default port used by the Veeam vPower NFS Service.

Mount server

TCP 6162 Default port used by the Veeam Data Mover Service.

WAN accelerator

TCP 49152 to 65535
(for Microsoft Windows 2008 and newer)
Dynamic port range. For more information, see this Microsoft KB article.

Tape server

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

Linux Server Connections

The following table describes network ports that must be opened to ensure proper communication with Linux servers.

Each Linux server that is a backup infrastructure component or a machine for which you enable application-aware processing must have these ports opened. If you want to use the server as a backup infrastructure component, you must also open ports that the component role requires.

For example, if you assign the role of a backup repository to your Linux server, you must open ports listed below and also ports listed in the Backup Repository Connections section.

The Linux server that acts as an SMB file share requires only network ports listed below. The Linux server that acts as an NFS file share requires network ports listed below and also ports listed in the NFS Repository Connections.

From To Protocol Port Notes

Backup server

Linux server TCP 22 Port used as a control channel from the console to the target Linux host.
TCP 2500 to 3300* Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

Linux server

Backup server TCP 2500 to 3300* Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

Backup Proxy Connections

The following table describes network ports that must be opened to ensure proper communication of backup proxies with other backup components. File proxies in NAS backup use the same network ports as backup proxies.

From To Protocol Port Notes

Backup server

Backup proxy Backup proxy can be a Microsoft Windows or Linux server. Depending on which server you use, the ports listed in Microsoft Windows Server Connections or Linux Server Connections must be opened.

Communication with Backup Server

Backup server

File proxy TCP 6210 Default port used by the Veeam Backup VSS Integration Service for taking a VSS snapshot during the SMB file share backup.

Communication with VMware Servers

Backup proxy

vCenter Server HTTPS 443 Default VMware web service port that can be customized in vCenter settings.
ESXi server TCP 902 Default VMware port used for data transfer.

This port is not required for VMware Cloud on AWS.

HTTPS 443 Default VMware web service port that can be customized in ESXi host settings. Not required if vCenter connection is used.

This port is not required for VMware Cloud on AWS.

Communication with Backup Repositories

Backup proxy

Microsoft Windows server TCP 49152 to 65535
(for Microsoft Windows 2008 and newer)
Dynamic port range. For more information, see this Microsoft KB article.
Shared folder CIFS (SMB) share TCP
UDP
135,
137 to 139,
445
Ports used as a transmission channel from a backup proxy to the target CIFS (SMB) share.

Traffic goes between a backup proxy and CIFS (SMB) share only if a gateway server is not specified explicitly in CIFS (SMB) backup repository settings (the Automatic selection option is used).

If a gateway server is specified explicitly, traffic goes between a gateway server and CIFS (SMB) share. For more information about required ports, see the Gateway server > Shared folder line below in this table.

Gateway server TCP 49152 to 65535
(for Microsoft Windows 2008 and newer)
Dynamic port range. For more information, see this Microsoft KB article.

Gateway server
(if a gateway server is specified explicitly in CIFS (SMB) backup repository settings)

Shared folder CIFS (SMB) share TCP
UDP
135,
137 to 139,
445
Ports used as a transmission channel from a gateway server to the target CIFS (SMB) share.

Communication with Backup Proxies

Backup proxy

Backup proxy TCP 2500 to 3300* Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned.

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

Backup Repository Connections

The following table describes network ports that must be opened to ensure proper communication with backup repositories. Cache repositories in NAS backup use the same network ports as backup repositories.

From To Protocol Port Notes

Backup proxy

Microsoft Windows server performing the role of the backup repository Ports listed in Microsoft Windows Server Connections must be opened.

Backup proxy

Linux server performing the role of the backup repository Ports listed in Linux Server Connections must be opened.

Backup repository

Backup proxy TCP 2500 to 3300* Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned.

Source backup repository

Target backup repository TCP 2500 to 3300* Default range of ports used as transmission channels for backup copy jobs. For every TCP connection that a job uses, one port from this range is assigned.
Ports 2500 to 3300 are used for backup copy jobs that do not utilize WAN accelerators. If the backup copy job utilizes WAN accelerators, make sure that ports specific for WAN accelerators are open.

Microsoft Windows server running vPower NFS service

Backup repository gateway server working with backup repository TCP 2500 to 3300* Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery.

For every TCP connection that a job uses, one port from this range is assigned.

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

NFS Repository Connections

The following table describes network ports that must be opened to ensure proper communication with NFS shares added as backup repositories.

From To Protocol Port Notes

NFS backup repository

Gateway server (Microsoft Windows/Linux) TCP
UDP
2049 Default NFS port.
TCP
UDP
111 Port used for rpcbind service.

NFS backup repository
(for repositories supporting NFS protocol version 3)

Gateway server (Microsoft Windows/Linux) TCP
UDP
mountd_port Dynamic port used for mountd service. Can be assigned statically.
TCP
UDP
statd_port Dynamic port used for statd service. Can be assigned statically.
TCP lockd_port Dynamic TCP port used for lockd service. Can be assigned statically.
UDP lockd_port Dynamic UDP port used for lockd service. Can be assigned statically.

Microsoft Windows server performing the role of the gateway server

NFS repository Ports listed in Microsoft Windows Server Connections must be opened.

Linux server performing the role of the gateway server

NFS repository Ports listed in Linux Server Connections must be opened.

Gateway server (specified in the NFS repository settings)

NFS repository TCP
UDP
111, 2049 Standard NFS ports used as a transmission channel from the gateway server to the target NFS share.

Object Storage Repository Connections

The following table describes network ports and endpoints that must be opened to ensure proper communication with object storage repositories.

From To Protocol Port/Endpoint Notes

Gateway server

Amazon S3 Object Storage TCP 443 Used to communicate with Amazon S3 Object Storage.

Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.

HTTPS Cloud endpoints:

  • *.amazonaws.com (for both Global and Government regions)
  • *.amazonaws.com.cn (for China region)

A complete list of connection endpoints can be found in this Amazon article.

Certificate verification endpoints:

  • *.amazontrust.com
Microsoft Azure Object Storage TCP 443 Used to communicate with Microsoft Azure Object Storage.

Consider the following:

  • The <xxx> part of the address must be replaced with your actual storage account URL, which can be found in the Azure management portal.
  • Certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.
  • The *.d-trust.net endpoint is used for the Germany region only.
HTTPS Cloud endpoints:

  • xxx.blob.core.windows.net (for Global region)
  • xxx.blob.core.chinacloudapi.cn (for China region)
  • xxx.blob.core.cloudapi.de (for Germany region)
  • xxx.blob.core.usgovcloudapi.net (for Government region)

Certificate verification endpoints:

  • ocsp.digicert.com
  • ocsp.msocsp.com
  • *.d-trust.net
IBM Cloud Object Storage TCP/HTTPS Customizable and depends on device configuration Used to communicate with IBM Cloud Object Storage.
S3 Compatible Object Storage TCP/HTTPS Customizable and depends on device configuration Used to communicate with S3 Compatible Object Storage.

For more information, see Object Storage Repository.

Dell EMC Data Domain System Connections

From To Protocol Port Notes

Backup server
or
Gateway server

Dell EMC Data Domain TCP 111 Port used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned.
TCP 2049 Main port used by NFS. Can be modified via the ‘nfs set server-port’ command. Command requires SE mode.
TCP 2052 Main port used by NFS MOUNTD. Can be modified via the ‘nfs set mountd-port’ command in SE mode.

Backup server

Gateway server Ports listed in Gateway Server Connections must be opened.

For more information, see Dell EMC Documents.

HPE StoreOnce Connections

From To Protocol Port Notes

Backup server
or
Gateway server

HPE StoreOnce TCP 9387 Default command port used for communication with HPE StoreOnce.
9388 Default data port used for communication with HPE StoreOnce.

Backup server

Gateway server Ports listed in Gateway Server Connections must be opened.

Gateway Server Connections

The following table describes network ports that must be opened to ensure proper communication with gateway servers.

From To Protocol Port Notes

Backup server

Microsoft Windows server performing the role of the gateway server Ports listed in Microsoft Windows Server Connections must be opened.

Backup server

Linux server performing the role of the gateway server (if a gateway server is specified explicitly in NFS backup repository settings) Ports listed in Linux Server Connections must be opened.

Gateway server
(if a gateway server is specified explicitly in CIFS (SMB) backup repository settings)

Shared folder CIFS (SMB) share TCP
UDP
135,
137 to 139,
445
Ports used as a transmission channel from a gateway server to the target CIFS (SMB) share.

Mount Server Connections

The following table describes network ports that must be opened to ensure proper communication with mount servers.

From To Protocol Port Notes

Backup server

Mount server Mount server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened.
TCP 6170 Port used for communication with a local or remote Mount Service.

Mount server
(or machine running the Veeam Backup & Replication console)

Backup server TCP 9401 Port used for communication with the Veeam Backup Service.

Mount server
(or machine running the Veeam Backup & Replication console)

Backup repository TCP 2500 to 3300* Default range of ports used for communication with a backup repository.

Mount server

Helper appliance TCP 22 Default SSH port used as a control channel.
TCP 2500 to 2600 Default range of ports used for communicating with the appliance.

Mount server

VM guest OS Ports listed in VM Guest OS Connections must be opened.

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

Microsoft Windows Server Running vPower NFS Service Connections

From To Protocol Port Notes

Backup server

Microsoft Windows server running vPower NFS Service TCP 6160 Default port used by the Veeam Installer Service.
TCP 6161 Default port used by the Veeam vPower NFS Service.

ESXi host

Microsoft Windows server running vPower NFS Service TCP
UDP
111 Standard port used by the port mapper service.
TCP
UDP
1058+ or 1063+ Default mount port. The number of port depends on where the vPower NFS service is located:

  • 1058+: If the vPower NFS service is located on the backup server.
  • 1063+: If the vPower NFS service is located on a separate Microsoft Windows machine.

If port 1058/1063 is occupied, the succeeding port numbers will be used.

TCP
UDP
2049+ Standard NFS port. If port 2049 is occupied, the succeeding port numbers will be used.
Backup repository or
Gateway server working with backup repository
Microsoft Windows server running vPower NFS Service TCP 2500 to 3300* Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery.

For every TCP connection that a job uses, one port from this range is assigned.

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

Proxy Appliance (Multi-OS FLR) Connections

From To Protocol Port Notes

Backup server

Helper appliance TCP 22 Port used as a communication channel from the backup server to the proxy appliance in the multi-OS file-level recovery process.
TCP 2500 to 3300* Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.
VM guest OS TCP 2500 to 3300* Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

Helper appliance

VM guest OS TCP 22 Port used as a communication channel from the proxy appliance to the Linux guest OS during multi-OS file-level recovery process.
TCP 20 [If FTP option is used] Default port used for data transfer.
TCP 2500 to 3300* Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

VM guest OS

Helper appliance TCP 22 Port used as a communication channel from the proxy appliance to Linux guest OS during multi-OS file-level recovery process.
TCP 21 [If FTP option is used] Default port used for protocol control messages.

Helper appliance

Backup repository TCP 2500 to 3300* Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

SureReplica Recovery Verification Connections

From To Protocol Port Notes

Backup server

vCenter Server HTTPS TCP 443 Default port used for connections to vCenter Server.
ESXi server HTTPS TCP 443 Default port used for connections to ESXi host.
Not required if vCenter connection is used.
TCP 22 Port used as a control channel (only for jobs that use an ESXi target with the console agent enabled).
Proxy appliance TCP 443 Port used for communication with the proxy appliance in the virtual lab.
22 Port used for communication with the proxy appliance in the virtual lab.
Applications on VMs in the virtual lab Application-specific ports to perform port probing test. For example, to verify a DC, Veeam Backup & Replication probes port 389 for a response.

Internet-facing proxy server

VMs in the virtual lab HTTP 8080 Port used to let VMs in the virtual lab access the Internet.

WAN Accelerator Connections

The following table describes network ports that must be opened to ensure proper communication between WAN accelerators used in backup copy jobs and replication jobs.

From To Protocol Port Notes

Backup server

WAN accelerator
(source and target)
WAN accelerator is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened.
TCP 6160 Default port used by the Veeam Installer Service.
TCP 6162 Default port used by the Veeam Data Mover Service.
TCP 6164 Controlling port for RPC calls.
WAN accelerator
(source and target)
Backup repository
(source and target)
TCP 2500 to 3300* Default range of ports used by the Veeam Data Mover Service for transferring files of a small size such as NVRAM, VMX, VMXF, GuestIndexData.zip and others. A port from the range is selected dynamically.

WAN accelerator

WAN accelerator TCP 6164 Controlling port for RPC calls.
TCP 6165 Default port used for data transfer between WAN accelerators. Ensure this port is open in firewall between sites where WAN accelerators are deployed.

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

Tape Server Connections

The following table describes network ports that must be opened to ensure proper communication with tape servers.

From To Protocol Port Notes

Backup server

Tape server Tape server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened.
TCP 6166 Controlling port for RPC calls.
TCP 2500 to 3000* Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

Tape server

Backup repository, gateway server or proxy server Tape server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened.

* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

NDMP Server Connections

The following table describes network ports that must be opened to ensure proper communication with NDMP servers.

From To Protocol Port Notes

Gateway server

NDMP server NDMP 10000 Port used for data transfer between the components.

Dell EMC VNX(e) Storage Connections

From To Protocol Port Notes

Backup server

VNX File SSH 22 Default command port used for communication with VNX File over SSH.
VNX Block HTTPS 443 Default port used for communication with Dell EMC VNX Block.
VNXe HTTPS 443 Default port used for communication with Dell EMC VNXe and sending REST API calls.

Backup proxy

VNX Block

VNXe

TCP 3260 Default iSCSI target port.
VNX File

VNXe

TCP, UDP 2049, 111 Standard NFS ports. Port 111 is used by the port mapper service.

HPE 3PAR StoreServ Storage Connections

From To Protocol Port Notes

Backup server

HPE 3PAR StoreServ storage system HTTP 8008 Default port used for communication with HPE 3PAR StoreServ over HTTP.
HTTPS 8080 Default port used for communication with HPE 3PAR StoreServ over HTTPS.
SSH 22 Default command port used for communication with HPE 3PAR StoreServ over SSH.

Backup proxy

HPE 3PAR StoreServ storage system TCP 3260 Default iSCSI target port.

HPE Lefthand Storage Connections

From To Protocol Port Notes

Backup server

HPE Lefthand storage system SSH 16022 Default command port used for communication with HPE Lefthand.

Backup proxy

HPE Lefthand storage system TCP 3260 Default iSCSI target port.

HPE Nimble Storage Connections

From To Protocol Port Notes

Backup server

HPE Nimble storage system TCP 5392 Default command port used for communication with HPE Nimble (used for Nimble OS 2.3 and later).

Backup proxy

HPE Nimble storage system TCP 3260 Default iSCSI target port.

IBM Spectrum Virtualize Storage Connections

From To Protocol Port Notes

Backup server

IBM Spectrum Virtualize storage system SSH 22 Default command port used for communication with IBM Spectrum Virtualize over SSH.

Backup proxy

IBM Spectrum Virtualize storage system TCP 3260 Default iSCSI target port.

NetApp Data ONTAP Storage Connections

From To Protocol Port Notes

Backup server

NetApp Data ONTAP storage system HTTP 80 Default command port used for communication with NetApp Data ONTAP over HTTP.
HTTPS 443 Default command port used for communication with NetApp Data ONTAP over HTTPS.

Backup proxy

NetApp Data ONTAP storage system TCP, UDP 2049, 111 Standard NFS ports. Port 111 is used by the port mapper service.
TCP 3260 Default iSCSI target port.

Universal Storage API Integrated System Connections

The following tables describe network ports that must be opened to ensure proper communication with Universal Storage API integrated systems:

DataCore SANsymphony Connections

From To Protocol Port Notes

Backup server

DataCore SANsymphony storage system HTTPS 443 Default command port used for communication with DataCore SANsymphony over HTTPS.

Backup proxy

DataCore SANsymphony storage system TCP 3260 Default iSCSI target port.

Dell EMC SC Series

From To Protocol Port Notes

Backup server

Dell EMC SC Series storage system HTTPS 3033 Default command port used for communication with Dell EMC SC Series over HTTPS.

Backup proxy

Dell EMC SC Series storage system TCP 3260 Default iSCSI target port.

Fujitsu ETERNUS DX/AF Connections

From To Protocol Port Notes

Backup server

Fujitsu ETERNUS DX/AF storage system SSH 22 Default command port used for communication with Fujitsu ETERNUS DX/AF over SSH.

Backup proxy

Fujitsu ETERNUS DX/AF storage system TCP 3260 Default iSCSI target port.

INFINIDAT InfiniBox Connections

From To Protocol Port Notes

Backup server

INFINIDAT InfiniBox storage system HTTPS 443 Default command port used for communication with INFINIDAT InfiniBox over HTTPS.

Backup proxy

INFINIDAT InfiniBox storage system TCP 3260 Default iSCSI target port.

Huawei OceanStor Connections

From To Protocol Port Notes

Backup server

Huawei OceanStor storage system HTTPS 8080 Default port used for communication with Huawei OceanStor over HTTPS.

Backup proxy

Huawei OceanStor storage system TCP 3260 Default iSCSI target port.

NetApp SolidFire/HCI Connections

From To Protocol Port Notes

Backup server

NetApp SolidFire/HCI storage system HTTPS 443 Default command port used for communication with NetApp SolidFire/HCI over HTTPS.

Backup proxy

NetApp SolidFire/HCI storage system TCP 3260 Default iSCSI target port.

Pure Storage FlashArray Connections

From To Protocol Port Notes

Backup server

Pure Storage FlashArray system HTTPS 443 Default command port used for communication with Pure Storage FlashArray over HTTPS.

Backup proxy

Pure Storage FlashArray system TCP 3260 Default iSCSI target port.

Tintri IntelliFlash (formerly Western Digital, Tegile)

From To Protocol Port Notes

Backup server

Tintri IntelliFlash system HTTPS 443 Default command port used for communication with Tintri IntelliFlash over HTTPS.

Backup proxy

Tintri IntelliFlash system TCP 3260 Default iSCSI target port.
Tintri IntelliFlash system TCP, UDP 2049, 111 Standard NFS ports. Port 111 is used by the port mapper service.

VM Guest OS Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with the runtime coordination process deployed inside the VM guest OS for application-aware processing and indexing.

From To Protocol Port Notes

Backup server

Linux VM guest OS TCP 22 Default SSH port used as a control channel.
Guest interaction proxy TCP 6190 Port used for communication with the guest interaction proxy.
TCP 6290 Port used as a control channel for communication with the guest interaction proxy.
TCP, UDP 137 to 139,
445
Ports used as a transmission channel.

Guest interaction proxy

ESXi server TCP 443 Default port used for connections to ESXi host.
[For VMware vSphere earlier than 6.5] Not required if vCenter connection is used. In VMware vSphere versions 6.5 and later, port 443 is required by VMware web services.

Guest interaction proxy
or
Mount server

Microsoft Windows VM guest OS TCP, UDP 135,
137 to 139,
445
Ports required to deploy the runtime coordination process on the VM guest OS.
TCP 49152 to 65535 (for Microsoft Windows 2008 and newer) Dynamic port range used by the runtime process deployed inside the VM for guest OS interaction (when working over the network, not over VIX API).*

For more information, see this Microsoft KB article.

TCP 6167,
2500 to 3300**
[For Microsoft SQL logs shipping] Port used by the runtime process on the VM guest OS from which Microsoft SQL logs are collected.
Linux VM guest OS TCP 22 Default SSH port used as a control channel.
TCP 2500 to 3300** Default range of ports used as transmission channels during Linux file-level recovery and for Oracle log backup.

For every TCP connection that a job uses, one port from this range is assigned.

* If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the “RPC function call failed” error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

** This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.

Veeam U-AIR Connections

The following table describes network ports that must be opened to ensure proper communication of U-AIR wizards with other components.

From To Protocol Port Notes

U-AIR wizards

Veeam Backup Enterprise Manager TCP 9394 Default port used for communication with Veeam Backup Enterprise Manager. Can be customized during Veeam Backup Enterprise Manager installation.

Azure Proxy Connections

From To Protocol Port Notes

Backup server/ Backup repository

Azure proxy TCP 443 Default management and data transport port required for communication with the Azure proxy. The port must be opened on the backup server and backup repository storing VM backups.

The default port is 443, but you can change it in the settings of the Azure Proxy. For details, see Specify Credentials and Transport Port

Azure Stack Connections

From To Protocol Port Notes

Backup server

Azure Stack HTTPS 443, 30024 Default management and data transport port required for communication with the Azure Stack.

Proxy Appliance Connections (Restore to Amazon EC2)

From To Protocol Port Notes

Backup server/Backup Repository

Proxy appliance TCP 22 Port used as a communication channel to the proxy appliance in the restore to Amazon EC2 process.
TCP 443 Default redirector port. You can change the port in proxy appliance settings. For details, see Specify Proxy Appliance.

Microsoft Active Directory Domain Controller Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the backup server with the Microsoft Active Directory VM during application-item restore.

From To Protocol Port Notes

Backup server

Microsoft
Active Directory VM guest OS
TCP 135 Port required for communication between the domain controller and backup server.
TCP,
UDP
389 LDAP connections.
TCP 636, 3268, 3269 LDAP connections.
TCP 49152 to 65535 (for Microsoft Windows 2008 and newer) Dynamic port range used by the runtime coordination process deployed inside the VM guest OS for application-aware processing (when working over the network, not over VIX API).* For more information, see this Microsoft KB article.

* If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the “RPC function call failed” error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

Microsoft Exchange Server Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the Veeam backup server with the Microsoft Exchange Server system during application-item restore.

From To Protocol Port Notes

Backup server

Microsoft Exchange 2003/2007 CAS Server TCP 80, 443 WebDAV connections.
Microsoft Exchange 2010/2013 CAS Server TCP 443 Microsoft Exchange Web Services Connections.

Microsoft SQL Server Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the backup server with the VM guest OS system during application-item restore.

From To Protocol Port Notes

Backup server

Microsoft
SQL VM guest OS
TCP 1433,
1434 and other
Port used for communication with the Microsoft SQL Server installed inside the VM.

Port numbers depends on configuration of your Microsoft SQL server. For more information, see Microsoft Docs.

SMTP Server Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with the SMTP server.

From To Protocol Port Notes

Backup server

SMTP server TCP 25 Port used by the SMTP server.

Port 25 is most commonly used but the actual port number depends on configuration of your environment.

Veeam Backup Enterprise Manager Connections

Veeam Backup Enterprise Manager Connections

Veeam Explorers Connections

Veeam Cloud Connect Connections

Veeam Cloud Connect Connections

Veeam Agent for Microsoft Windows Connections

Veeam Agent for Linux Connections

Veeam Plug-ins for Enterprise Applications Connections

Internet Connections

If you use an HTTP(S) proxy server to access the Internet, make sure that WinHTTP settings are properly configured on Microsoft Windows machines with Veeam backup infrastructure components. For information on how to configure WinHTTP settings, see Microsoft Docs.

You Might Also Like

No Comments

Leave a Reply

%d 博主赞过: