|
有些Linux发行版需要手动创建防火墙和/或安全规则。有关详细信息,请参阅这篇Veeam知识库文章。 汉化问题等有时间在处理吧~ |
你可以在下面找到端口的完整列表。
- 备份服务器连接
- Veeam备份和复制控制台连接
- Microsoft Windows Server连接
- Linux服务器连接
- 备份代理连接
- Backup Repository Connections
- NFS Repository Connections
- Object Storage Repository Connections
- Dell EMC Data Domain System Connections
- HPE StoreOnce Connections
- Gateway Server Connections
- Mount Server Connections
- Microsoft Windows Server Running vPower NFS Service Connections
- Proxy Appliance (Multi-OS FLR) Connections
- SureReplica Recovery Verification Connections
- WAN Accelerator Connections
- Tape Server Connections
- NDMP Server Connections
- Dell EMC VNX(e) Storage Connections
- HPE 3PAR StoreServ Storage Connections
- HPE Lefthand Storage Connections
- HPE Nimble Storage Connections
- IBM Spectrum Virtualize Storage Connections
- NetApp Data ONTAP Storage Connections
- Universal Storage API Integrated System Connections
- VM Guest OS Connections
- Veeam U-AIR Connections
- Microsoft Azure Proxy Connections
- Microsoft Azure Stack Connections
- Proxy Appliance Connections (Restore to Amazon EC2)
- Microsoft Active Directory Domain Controller Connections During Application Item Restore
- Microsoft Exchange Server Connections During Application Item Restore
- Microsoft SQL Server Connections During Application Item Restore
- SMTP Server Connections
- Veeam Backup Enterprise Manager Connections
- Veeam Explorers Connections
- Veeam Cloud Connect Connections
- Veeam Agent for Microsoft Windows Connections
- Veeam Agent for Linux Connections
- Veeam Plug-ins for Enterprise Applications Connections
- Internet Connections
The following table describes network ports that must be opened to ensure proper communication of the backup server with backup infrastructure components.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Virtualization Servers |
||||
|
Backup server |
vCenter Server | HTTPS TCP | 443 | Default port used for connections to vCenter Server.
If you use vCloud Director, make sure you open port 443 on underlying vCenter Servers. |
| HTTPS TCP | 10443 | Port used for communication with vCenter Server.
This port is not required for VMware Cloud on AWS. |
||
| ESXi server | HTTPS TCP | 443 | Default port used for connections to ESXi host. [For VMware vSphere earlier than 6.5] Not required if vCenter connection is used. In VMware vSphere versions 6.5 and later, port 443 is required by VMware web services.Note: When you configure firewalls, consider opening port 443 on ESXi hosts even if you add vCenter Server to the backup infrastructure. Port 443 may be required for backup and restore without vCenter Server, for example, if you back up a VM that hosts vCenter Server and restore it when vCenter Server is down.This port is not required for VMware Cloud on AWS. |
|
| TCP | 902 | Port used for data transfer to ESXi host.
This port is not required for VMware Cloud on AWS. |
||
| TCP | 22 | Port used as a control channel (only for jobs that use an ESXi target with the console agent enabled).
This port is not required for VMware Cloud on AWS. |
||
| vCloud Director | HTTPS TCP | 443 | Default port used for connections to vCloud Director. | |
|
Other Servers |
||||
|
Backup server |
Microsoft SQL Server hosting the Veeam Backup & Replication configuration database | TCP | 1433 | Port used for communication with Microsoft SQL Server on which the Veeam Backup & Replication configuration database is deployed (if you use a Microsoft SQL Server default instance).
Additional ports may need to be open depending on your configuration. For more information, see Microsoft Docs. |
| DNS server with forward/reverse name resolution of all backup servers | UDP | 53 | Port used for communication with the DNS Server. | |
| Veeam Update Notification Server (dev.veeam.com) | TCP | 80 | Default port used to download information about available updates from the Veeam Update Notification Server over the Internet. | |
| Veeam License Update Server (autolk.veeam.com) | TCP | 443 | Default port used for license auto-update. | |
|
Backup Server |
||||
|
Backup server |
Backup server | TCP | 9501 | Port used locally on the backup server for communication between Veeam Broker Service and Veeam services and components. |
|
Remote Access |
||||
|
Management client PC (remote access) |
Backup server | TCP | 3389 | Default port used by the Remote Desktop Services. If you use third-party solutions to connect to the backup server, other ports may need to be open. |
Veeam Backup & Replication Console Connections
The following table describes network ports that must be opened to ensure proper communication with the Veeam Backup & Replication console installed remotely.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Veeam Backup & Replication Console |
Backup server | TCP | 9392 | Port used by the Veeam Backup & Replication console to connect to the backup server. |
| TCP | 10003 | Port used by the Veeam Backup & Replication console to connect to the backup server only when managing the Veeam Cloud Connect infrastructure. | ||
| TCP | 9396 | Port used by the Veeam.Backup.UIService process for managing database connections. | ||
|
Veeam Backup & Replication Console |
Mount server (if the mount server is not located on the console) | TCP | 2500 to 3300* | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
Microsoft Windows Server Connections
The following table describes network ports that must be opened to ensure proper communication with Microsoft Windows servers.
Each Microsoft Windows server that is a backup infrastructure component or a machine for which you enable application-aware processing must have these ports opened. If you want to use the server as a backup infrastructure component, you must also open ports that the component role requires.
For example, if you assign the role of a backup proxy to your Microsoft Windows server, you must open ports listed below and also ports listed in the Backup Proxy Connections section.
The Microsoft Windows server that acts as an SMB file share requires only network ports listed below. The Microsoft Windows server that acts as an NFS file share requires network ports listed below and also ports listed in the NFS Repository Connections.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Microsoft Windows server | TCP UDP |
135, 137 to 139, 445 |
Ports required for deploying Veeam Backup & Replication components. |
|
Backup proxy |
TCP | 6160 | Default port used by the Veeam Installer Service. | |
|
Backup repository |
TCP | 2500 to 3300* | Default range of ports used as data transmission channels and for collecting log files.
For every TCP connection that a job uses, one port from this range is assigned. |
|
|
Gateway server |
TCP | 6161 | [For Microsoft Windows servers running the vPower NFS Service] Default port used by the Veeam vPower NFS Service. | |
|
Mount server |
TCP | 6162 | Default port used by the Veeam Data Mover Service. | |
|
WAN accelerator |
TCP | 49152 to 65535 (for Microsoft Windows 2008 and newer) |
Dynamic port range. For more information, see this Microsoft KB article. | |
|
Tape server |
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
The following table describes network ports that must be opened to ensure proper communication with Linux servers.
Each Linux server that is a backup infrastructure component or a machine for which you enable application-aware processing must have these ports opened. If you want to use the server as a backup infrastructure component, you must also open ports that the component role requires.
For example, if you assign the role of a backup repository to your Linux server, you must open ports listed below and also ports listed in the Backup Repository Connections section.
The Linux server that acts as an SMB file share requires only network ports listed below. The Linux server that acts as an NFS file share requires network ports listed below and also ports listed in the NFS Repository Connections.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Linux server | TCP | 22 | Port used as a control channel from the console to the target Linux host. |
| TCP | 2500 to 3300* | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | ||
|
Linux server |
Backup server | TCP | 2500 to 3300* | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
The following table describes network ports that must be opened to ensure proper communication of backup proxies with other backup components. File proxies in NAS backup use the same network ports as backup proxies.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Backup proxy | Backup proxy can be a Microsoft Windows or Linux server. Depending on which server you use, the ports listed in Microsoft Windows Server Connections or Linux Server Connections must be opened. | ||
|
Communication with Backup Server |
||||
|
Backup server |
File proxy | TCP | 6210 | Default port used by the Veeam Backup VSS Integration Service for taking a VSS snapshot during the SMB file share backup. |
|
Communication with VMware Servers |
||||
|
Backup proxy |
vCenter Server | HTTPS | 443 | Default VMware web service port that can be customized in vCenter settings. |
| ESXi server | TCP | 902 | Default VMware port used for data transfer.
This port is not required for VMware Cloud on AWS. |
|
| HTTPS | 443 | Default VMware web service port that can be customized in ESXi host settings. Not required if vCenter connection is used.
This port is not required for VMware Cloud on AWS. |
||
|
Communication with Backup Repositories |
||||
|
Backup proxy |
Microsoft Windows server | TCP | 49152 to 65535 (for Microsoft Windows 2008 and newer) |
Dynamic port range. For more information, see this Microsoft KB article. |
| Shared folder CIFS (SMB) share | TCP UDP |
135, 137 to 139, 445 |
Ports used as a transmission channel from a backup proxy to the target CIFS (SMB) share.
Traffic goes between a backup proxy and CIFS (SMB) share only if a gateway server is not specified explicitly in CIFS (SMB) backup repository settings (the Automatic selection option is used). If a gateway server is specified explicitly, traffic goes between a gateway server and CIFS (SMB) share. For more information about required ports, see the Gateway server > Shared folder line below in this table. |
|
| Gateway server | TCP | 49152 to 65535 (for Microsoft Windows 2008 and newer) |
Dynamic port range. For more information, see this Microsoft KB article. | |
|
Gateway server |
Shared folder CIFS (SMB) share | TCP UDP |
135, 137 to 139, 445 |
Ports used as a transmission channel from a gateway server to the target CIFS (SMB) share. |
|
Communication with Backup Proxies |
||||
|
Backup proxy |
Backup proxy | TCP | 2500 to 3300* | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
The following table describes network ports that must be opened to ensure proper communication with backup repositories. Cache repositories in NAS backup use the same network ports as backup repositories.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup proxy |
Microsoft Windows server performing the role of the backup repository | Ports listed in Microsoft Windows Server Connections must be opened. | ||
|
Backup proxy |
Linux server performing the role of the backup repository | Ports listed in Linux Server Connections must be opened. | ||
|
Backup repository |
Backup proxy | TCP | 2500 to 3300* | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
|
Source backup repository |
Target backup repository | TCP | 2500 to 3300* | Default range of ports used as transmission channels for backup copy jobs. For every TCP connection that a job uses, one port from this range is assigned. Ports 2500 to 3300 are used for backup copy jobs that do not utilize WAN accelerators. If the backup copy job utilizes WAN accelerators, make sure that ports specific for WAN accelerators are open. |
|
Microsoft Windows server running vPower NFS service |
Backup repository gateway server working with backup repository | TCP | 2500 to 3300* | Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery.
For every TCP connection that a job uses, one port from this range is assigned. |
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
The following table describes network ports that must be opened to ensure proper communication with NFS shares added as backup repositories.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
NFS backup repository |
Gateway server (Microsoft Windows/Linux) | TCP UDP |
2049 | Default NFS port. |
| TCP UDP |
111 | Port used for rpcbind service. | ||
|
NFS backup repository |
Gateway server (Microsoft Windows/Linux) | TCP UDP |
mountd_port | Dynamic port used for mountd service. Can be assigned statically. |
| TCP UDP |
statd_port | Dynamic port used for statd service. Can be assigned statically. | ||
| TCP | lockd_port | Dynamic TCP port used for lockd service. Can be assigned statically. | ||
| UDP | lockd_port | Dynamic UDP port used for lockd service. Can be assigned statically. | ||
|
Microsoft Windows server performing the role of the gateway server |
NFS repository | Ports listed in Microsoft Windows Server Connections must be opened. | ||
|
Linux server performing the role of the gateway server |
NFS repository | Ports listed in Linux Server Connections must be opened. | ||
|
Gateway server (specified in the NFS repository settings) |
NFS repository | TCP UDP |
111, 2049 | Standard NFS ports used as a transmission channel from the gateway server to the target NFS share. |
Object Storage Repository Connections
The following table describes network ports and endpoints that must be opened to ensure proper communication with object storage repositories.
| From | To | Protocol | Port/Endpoint | Notes |
|---|---|---|---|---|
|
Gateway server |
Amazon S3 Object Storage | TCP | 443 | Used to communicate with Amazon S3 Object Storage.
Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself. |
| HTTPS | Cloud endpoints:
A complete list of connection endpoints can be found in this Amazon article. Certificate verification endpoints:
|
|||
| Microsoft Azure Object Storage | TCP | 443 | Used to communicate with Microsoft Azure Object Storage.
Consider the following:
|
|
| HTTPS | Cloud endpoints:
Certificate verification endpoints:
|
|||
| IBM Cloud Object Storage | TCP/HTTPS | Customizable and depends on device configuration | Used to communicate with IBM Cloud Object Storage. | |
| S3 Compatible Object Storage | TCP/HTTPS | Customizable and depends on device configuration | Used to communicate with S3 Compatible Object Storage. |
For more information, see Object Storage Repository.
Dell EMC Data Domain System Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Dell EMC Data Domain | TCP | 111 | Port used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned. |
| TCP | 2049 | Main port used by NFS. Can be modified via the ‘nfs set server-port’ command. Command requires SE mode. | ||
| TCP | 2052 | Main port used by NFS MOUNTD. Can be modified via the ‘nfs set mountd-port’ command in SE mode. | ||
|
Backup server |
Gateway server | Ports listed in Gateway Server Connections must be opened. | ||
For more information, see Dell EMC Documents.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
HPE StoreOnce | TCP | 9387 | Default command port used for communication with HPE StoreOnce. |
| 9388 | Default data port used for communication with HPE StoreOnce. | |||
|
Backup server |
Gateway server | Ports listed in Gateway Server Connections must be opened. | ||
The following table describes network ports that must be opened to ensure proper communication with gateway servers.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Microsoft Windows server performing the role of the gateway server | Ports listed in Microsoft Windows Server Connections must be opened. | ||
|
Backup server |
Linux server performing the role of the gateway server (if a gateway server is specified explicitly in NFS backup repository settings) | Ports listed in Linux Server Connections must be opened. | ||
|
Gateway server |
Shared folder CIFS (SMB) share | TCP UDP |
135, 137 to 139, 445 |
Ports used as a transmission channel from a gateway server to the target CIFS (SMB) share. |
The following table describes network ports that must be opened to ensure proper communication with mount servers.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Mount server | Mount server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. | ||
| TCP | 6170 | Port used for communication with a local or remote Mount Service. | ||
|
Mount server |
Backup server | TCP | 9401 | Port used for communication with the Veeam Backup Service. |
|
Mount server |
Backup repository | TCP | 2500 to 3300* | Default range of ports used for communication with a backup repository. |
|
Mount server |
Helper appliance | TCP | 22 | Default SSH port used as a control channel. |
| TCP | 2500 to 2600 | Default range of ports used for communicating with the appliance. | ||
|
Mount server |
VM guest OS | Ports listed in VM Guest OS Connections must be opened. | ||
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
Microsoft Windows Server Running vPower NFS Service Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Microsoft Windows server running vPower NFS Service | TCP | 6160 | Default port used by the Veeam Installer Service. |
| TCP | 6161 | Default port used by the Veeam vPower NFS Service. | ||
|
ESXi host |
Microsoft Windows server running vPower NFS Service | TCP UDP |
111 | Standard port used by the port mapper service. |
| TCP UDP |
1058+ or 1063+ | Default mount port. The number of port depends on where the vPower NFS service is located:
If port 1058/1063 is occupied, the succeeding port numbers will be used. |
||
| TCP UDP |
2049+ | Standard NFS port. If port 2049 is occupied, the succeeding port numbers will be used. | ||
| Backup repository or Gateway server working with backup repository |
Microsoft Windows server running vPower NFS Service | TCP | 2500 to 3300* | Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery.
For every TCP connection that a job uses, one port from this range is assigned. |
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
Proxy Appliance (Multi-OS FLR) Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Helper appliance | TCP | 22 | Port used as a communication channel from the backup server to the proxy appliance in the multi-OS file-level recovery process. |
| TCP | 2500 to 3300* | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | ||
| VM guest OS | TCP | 2500 to 3300* | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | |
|
Helper appliance |
VM guest OS | TCP | 22 | Port used as a communication channel from the proxy appliance to the Linux guest OS during multi-OS file-level recovery process. |
| TCP | 20 | [If FTP option is used] Default port used for data transfer. | ||
| TCP | 2500 to 3300* | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | ||
|
VM guest OS |
Helper appliance | TCP | 22 | Port used as a communication channel from the proxy appliance to Linux guest OS during multi-OS file-level recovery process. |
| TCP | 21 | [If FTP option is used] Default port used for protocol control messages. | ||
|
Helper appliance |
Backup repository | TCP | 2500 to 3300* | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
SureReplica Recovery Verification Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
vCenter Server | HTTPS TCP | 443 | Default port used for connections to vCenter Server. |
| ESXi server | HTTPS TCP | 443 | Default port used for connections to ESXi host. Not required if vCenter connection is used. |
|
| TCP | 22 | Port used as a control channel (only for jobs that use an ESXi target with the console agent enabled). | ||
| Proxy appliance | TCP | 443 | Port used for communication with the proxy appliance in the virtual lab. | |
| 22 | Port used for communication with the proxy appliance in the virtual lab. | |||
| Applications on VMs in the virtual lab | — | — | Application-specific ports to perform port probing test. For example, to verify a DC, Veeam Backup & Replication probes port 389 for a response. | |
|
Internet-facing proxy server |
VMs in the virtual lab | HTTP | 8080 | Port used to let VMs in the virtual lab access the Internet. |
The following table describes network ports that must be opened to ensure proper communication between WAN accelerators used in backup copy jobs and replication jobs.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
WAN accelerator (source and target) |
WAN accelerator is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. | ||
| TCP | 6160 | Default port used by the Veeam Installer Service. | ||
| TCP | 6162 | Default port used by the Veeam Data Mover Service. | ||
| TCP | 6164 | Controlling port for RPC calls. | ||
| WAN accelerator (source and target) |
Backup repository (source and target) |
TCP | 2500 to 3300* | Default range of ports used by the Veeam Data Mover Service for transferring files of a small size such as NVRAM, VMX, VMXF, GuestIndexData.zip and others. A port from the range is selected dynamically. |
|
WAN accelerator |
WAN accelerator | TCP | 6164 | Controlling port for RPC calls. |
| TCP | 6165 | Default port used for data transfer between WAN accelerators. Ensure this port is open in firewall between sites where WAN accelerators are deployed. | ||
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
The following table describes network ports that must be opened to ensure proper communication with tape servers.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Tape server | Tape server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. | ||
| TCP | 6166 | Controlling port for RPC calls. | ||
| TCP | 2500 to 3000* | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | ||
|
Tape server |
Backup repository, gateway server or proxy server | Tape server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. | ||
* This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
The following table describes network ports that must be opened to ensure proper communication with NDMP servers.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Gateway server |
NDMP server | NDMP | 10000 | Port used for data transfer between the components. |
Dell EMC VNX(e) Storage Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
VNX File | SSH | 22 | Default command port used for communication with VNX File over SSH. |
| VNX Block | HTTPS | 443 | Default port used for communication with Dell EMC VNX Block. | |
| VNXe | HTTPS | 443 | Default port used for communication with Dell EMC VNXe and sending REST API calls. | |
|
Backup proxy |
VNX Block
VNXe |
TCP | 3260 | Default iSCSI target port. |
| VNX File
VNXe |
TCP, UDP | 2049, 111 | Standard NFS ports. Port 111 is used by the port mapper service. |
HPE 3PAR StoreServ Storage Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
HPE 3PAR StoreServ storage system | HTTP | 8008 | Default port used for communication with HPE 3PAR StoreServ over HTTP. |
| HTTPS | 8080 | Default port used for communication with HPE 3PAR StoreServ over HTTPS. | ||
| SSH | 22 | Default command port used for communication with HPE 3PAR StoreServ over SSH. | ||
|
Backup proxy |
HPE 3PAR StoreServ storage system | TCP | 3260 | Default iSCSI target port. |
HPE Lefthand Storage Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
HPE Lefthand storage system | SSH | 16022 | Default command port used for communication with HPE Lefthand. |
|
Backup proxy |
HPE Lefthand storage system | TCP | 3260 | Default iSCSI target port. |
HPE Nimble Storage Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
HPE Nimble storage system | TCP | 5392 | Default command port used for communication with HPE Nimble (used for Nimble OS 2.3 and later). |
|
Backup proxy |
HPE Nimble storage system | TCP | 3260 | Default iSCSI target port. |
IBM Spectrum Virtualize Storage Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
IBM Spectrum Virtualize storage system | SSH | 22 | Default command port used for communication with IBM Spectrum Virtualize over SSH. |
|
Backup proxy |
IBM Spectrum Virtualize storage system | TCP | 3260 | Default iSCSI target port. |
NetApp Data ONTAP Storage Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
NetApp Data ONTAP storage system | HTTP | 80 | Default command port used for communication with NetApp Data ONTAP over HTTP. |
| HTTPS | 443 | Default command port used for communication with NetApp Data ONTAP over HTTPS. | ||
|
Backup proxy |
NetApp Data ONTAP storage system | TCP, UDP | 2049, 111 | Standard NFS ports. Port 111 is used by the port mapper service. |
| TCP | 3260 | Default iSCSI target port. |
Universal Storage API Integrated System Connections
The following tables describe network ports that must be opened to ensure proper communication with Universal Storage API integrated systems:
- DataCore SANsymphony
- Dell EMC SC Series
- Fujitsu ETERNUS DX/AF Connections
- Huawei OceanStor Connections
- INFINIDAT InfiniBox Connections
- NetApp SolidFire/HCI Connections
- Pure Storage FlashArray Connections
- Tintri IntelliFlash (formerly Western Digital, Tegile)
DataCore SANsymphony Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
DataCore SANsymphony storage system | HTTPS | 443 | Default command port used for communication with DataCore SANsymphony over HTTPS. |
|
Backup proxy |
DataCore SANsymphony storage system | TCP | 3260 | Default iSCSI target port. |
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Dell EMC SC Series storage system | HTTPS | 3033 | Default command port used for communication with Dell EMC SC Series over HTTPS. |
|
Backup proxy |
Dell EMC SC Series storage system | TCP | 3260 | Default iSCSI target port. |
Fujitsu ETERNUS DX/AF Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Fujitsu ETERNUS DX/AF storage system | SSH | 22 | Default command port used for communication with Fujitsu ETERNUS DX/AF over SSH. |
|
Backup proxy |
Fujitsu ETERNUS DX/AF storage system | TCP | 3260 | Default iSCSI target port. |
INFINIDAT InfiniBox Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
INFINIDAT InfiniBox storage system | HTTPS | 443 | Default command port used for communication with INFINIDAT InfiniBox over HTTPS. |
|
Backup proxy |
INFINIDAT InfiniBox storage system | TCP | 3260 | Default iSCSI target port. |
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Huawei OceanStor storage system | HTTPS | 8080 | Default port used for communication with Huawei OceanStor over HTTPS. |
|
Backup proxy |
Huawei OceanStor storage system | TCP | 3260 | Default iSCSI target port. |
NetApp SolidFire/HCI Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
NetApp SolidFire/HCI storage system | HTTPS | 443 | Default command port used for communication with NetApp SolidFire/HCI over HTTPS. |
|
Backup proxy |
NetApp SolidFire/HCI storage system | TCP | 3260 | Default iSCSI target port. |
Pure Storage FlashArray Connections
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Pure Storage FlashArray system | HTTPS | 443 | Default command port used for communication with Pure Storage FlashArray over HTTPS. |
|
Backup proxy |
Pure Storage FlashArray system | TCP | 3260 | Default iSCSI target port. |
Tintri IntelliFlash (formerly Western Digital, Tegile)
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Tintri IntelliFlash system | HTTPS | 443 | Default command port used for communication with Tintri IntelliFlash over HTTPS. |
|
Backup proxy |
Tintri IntelliFlash system | TCP | 3260 | Default iSCSI target port. |
| Tintri IntelliFlash system | TCP, UDP | 2049, 111 | Standard NFS ports. Port 111 is used by the port mapper service. |
The following table describes network ports that must be opened to ensure proper communication of the backup server with the runtime coordination process deployed inside the VM guest OS for application-aware processing and indexing.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Linux VM guest OS | TCP | 22 | Default SSH port used as a control channel. |
| Guest interaction proxy | TCP | 6190 | Port used for communication with the guest interaction proxy. | |
| TCP | 6290 | Port used as a control channel for communication with the guest interaction proxy. | ||
| TCP, UDP | 137 to 139, 445 |
Ports used as a transmission channel. | ||
|
Guest interaction proxy |
ESXi server | TCP | 443 | Default port used for connections to ESXi host. [For VMware vSphere earlier than 6.5] Not required if vCenter connection is used. In VMware vSphere versions 6.5 and later, port 443 is required by VMware web services. |
|
Guest interaction proxy |
Microsoft Windows VM guest OS | TCP, UDP | 135, 137 to 139, 445 |
Ports required to deploy the runtime coordination process on the VM guest OS. |
| TCP | 49152 to 65535 (for Microsoft Windows 2008 and newer) | Dynamic port range used by the runtime process deployed inside the VM for guest OS interaction (when working over the network, not over VIX API).*
For more information, see this Microsoft KB article. |
||
| TCP | 6167, 2500 to 3300** |
[For Microsoft SQL logs shipping] Port used by the runtime process on the VM guest OS from which Microsoft SQL logs are collected. | ||
| Linux VM guest OS | TCP | 22 | Default SSH port used as a control channel. | |
| TCP | 2500 to 3300** | Default range of ports used as transmission channels during Linux file-level recovery and for Oracle log backup.
For every TCP connection that a job uses, one port from this range is assigned. |
* If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the “RPC function call failed” error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.
** This range of ports applies to newly added backup infrastructure components. If you upgrade to Veeam Backup & Replication 10.0 from earlier versions of the product, the range of ports from 2500 to 5000 applies to the already added components.
The following table describes network ports that must be opened to ensure proper communication of U-AIR wizards with other components.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
U-AIR wizards |
Veeam Backup Enterprise Manager | TCP | 9394 | Default port used for communication with Veeam Backup Enterprise Manager. Can be customized during Veeam Backup Enterprise Manager installation. |
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server/ Backup repository |
Azure proxy | TCP | 443 | Default management and data transport port required for communication with the Azure proxy. The port must be opened on the backup server and backup repository storing VM backups.
The default port is 443, but you can change it in the settings of the Azure Proxy. For details, see Specify Credentials and Transport Port |
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Azure Stack | HTTPS | 443, 30024 | Default management and data transport port required for communication with the Azure Stack. |
Proxy Appliance Connections (Restore to Amazon EC2)
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server/Backup Repository |
Proxy appliance | TCP | 22 | Port used as a communication channel to the proxy appliance in the restore to Amazon EC2 process. |
| TCP | 443 | Default redirector port. You can change the port in proxy appliance settings. For details, see Specify Proxy Appliance. |
Microsoft Active Directory Domain Controller Connections During Application Item Restore
The following table describes network ports that must be opened to ensure proper communication of the backup server with the Microsoft Active Directory VM during application-item restore.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Microsoft Active Directory VM guest OS |
TCP | 135 | Port required for communication between the domain controller and backup server. |
| TCP, UDP |
389 | LDAP connections. | ||
| TCP | 636, 3268, 3269 | LDAP connections. | ||
| TCP | 49152 to 65535 (for Microsoft Windows 2008 and newer) | Dynamic port range used by the runtime coordination process deployed inside the VM guest OS for application-aware processing (when working over the network, not over VIX API).* For more information, see this Microsoft KB article. |
* If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the “RPC function call failed” error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.
Microsoft Exchange Server Connections During Application Item Restore
The following table describes network ports that must be opened to ensure proper communication of the Veeam backup server with the Microsoft Exchange Server system during application-item restore.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Microsoft Exchange 2003/2007 CAS Server | TCP | 80, 443 | WebDAV connections. |
| Microsoft Exchange 2010/2013 CAS Server | TCP | 443 | Microsoft Exchange Web Services Connections. |
Microsoft SQL Server Connections During Application Item Restore
The following table describes network ports that must be opened to ensure proper communication of the backup server with the VM guest OS system during application-item restore.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
Microsoft SQL VM guest OS |
TCP | 1433, 1434 and other |
Port used for communication with the Microsoft SQL Server installed inside the VM.
Port numbers depends on configuration of your Microsoft SQL server. For more information, see Microsoft Docs. |
The following table describes network ports that must be opened to ensure proper communication of the backup server with the SMTP server.
| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
|
Backup server |
SMTP server | TCP | 25 | Port used by the SMTP server.
Port 25 is most commonly used but the actual port number depends on configuration of your environment. |
Veeam Backup Enterprise Manager Connections
Veeam Backup Enterprise Manager Connections
- Veeam Explorer for Microsoft Active Directory Connections
- Veeam Explorer for Microsoft Exchange Connections
- Veeam Explorer for Microsoft SharePoint Connections
- Veeam Explorer for Microsoft SQL Server Connections
- Veeam Explorer for Oracle Connections
Veeam Cloud Connect Connections
Veeam Cloud Connect Connections
Veeam Agent for Microsoft Windows Connections
- Connections for Veeam Agent for Microsoft Windows Operating in Managed Mode
- Connections for Veeam Agent for Microsoft Windows Operating in Standalone Mode
Veeam Agent for Linux Connections
- Connections for Veeam Agent for Linux Operating in Managed Mode
- Connections for Veeam Agent for Linux Operating in Standalone Mode
Veeam Plug-ins for Enterprise Applications Connections
If you use an HTTP(S) proxy server to access the Internet, make sure that WinHTTP settings are properly configured on Microsoft Windows machines with Veeam backup infrastructure components. For information on how to configure WinHTTP settings, see Microsoft Docs.
No Comments