This is an archive version of the document. To get the most up-to-date information, see the current version.Used Ports
- Backup Server Connections
- Backup Proxy Connections
- Backup Repository Connections
- EMC Data Domain System Connections
- HPE StoreOnce Connection
- Mount Server Connections
- Proxy Appliance (Multi-OS FLR) Connections
- WAN Accelerator Connections
- Tape Server Connections
- VM Guest OS Connections
- Veeam U-AIR Wizards Connections
- Microsoft Active Directory Domain Controller Connections During Application Item Restore
- Microsoft Exchange Server Connections During Application Item Restore
- Microsoft SQL Server Connections During Application Item Restore
- SMTP Server Connections
- Veeam Backup Enterprise Manager Connections
- Veeam Explorers Connections
This section covers typical connection settings for the backup infrastructure components.
|
During installation, Veeam Backup & Replication automatically creates firewall rules for default ports to allow communication for the application components. |
- Backup Server Connections
- Backup Proxy Connections
- Backup Repository Connections
- EMC Data Domain System Connections
- HPE StoreOnce Connections
- Mount Server Connections
- Proxy Appliance (Multi-OS FLR) Connections
- WAN Accelerator Connections
- Tape Server Connections
- VM Guest OS Connections
- Veeam U-AIR Wizards Connections
- Microsoft Active Directory Domain Controller Connections During Application Item Restore
- Microsoft Exchange Server Connections During Application Item Restore
- Microsoft SQL Server Connections During Application Item Restore
- SMTP Server Connections
- Veeam Backup Enterprise Manager Connections
- Veeam Explorers
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Backup server | SCVMM | WCF | 8100 | Default VMM Administrator Console to VMM server port required by the Veeam Backup Management. |
Microsoft Hyper-V server | TCP | 135, 137 to 139, 445 | Ports required for deploying Veeam Backup & Replication components. | |
TCP | 6160 | Default port used by the Veeam Installer Service. | ||
TCP | 6162 | Default port used by the Veeam Data Mover Service. | ||
TCP | 6163 | Default port used to communicate with Veeam Hyper-V Integration Service. | ||
TCP | 2500 to 5000 | Default range of ports used as transmission channels for jobs. For every TCP connection that a job uses, one port from this range is assigned. | ||
TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. | ||
Linux server | TCP | 22 | Default SSH port used as a control channel from the console to the target Linux server. | |
Microsoft Windows server | TCP | 135, 137 to 139, 445 | Ports required for deploying Veeam Backup & Replication components. | |
TCP | 6160 | Default port used by the Veeam Installer Service. | ||
TCP | 6162 | Default port used by the Veeam Data Mover Service. | ||
TCP | 49152-65535 | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. | ||
SMB3 server | TCP | 6160 | Default port used by the Veeam Installer Service. | |
TCP | 6162 | Default port used by the Veeam Data Mover Service. | ||
Proxy appliance (multi-OS FLR) | SSH | 22 | Port used as a communication channel from the console to the proxy appliance in the multi-OS file-level recovery process. | |
Gateway server | TCP, UDP | 135, 137 to 139, 445 | Ports required for deploying Veeam Backup & Replication components. | |
Mount server | TCP | 9401 | Port used for communication with the mount server. | |
Microsoft SQL Server hosting Veeam Backup & Replication configuration database | TCP | 1433 | Port used for communication with Microsoft SQL Server on which Veeam Backup & Replication configuration database is deployed (if you use a Microsoft SQL Server default instance). Additional ports may need to be open depending on your configuration. For more information, see https://msdn.microsoft.com/en-us/library/cc646023(v=sql.120).aspx#BKMK_ssde. | |
DNS server with forward/reverse name resolution of all backup servers | UDP | 53 | Port used for communication with the DNS Server. | |
Veeam Update Notification Server | TCP | 80 | Default port used to download information about available updates from the Veeam Update Notification Server over the Internet. | |
Veeam License Update Server | TCP | 443 | Default port used for license auto-update. | |
Veeam Backup & Replication Console | Backup server | TCP | 9392 | Port used by the Veeam Backup & Replication console to connect to the backup server. |
Linux server | Backup server | TCP | 2500 to 5000 | Default range of ports used as transmission channels for jobs writing to Linux target. For every TCP connection that a job uses, one port from this range is assigned. |
Microsoft Windows/Linux server | Backup server | TCP | 2500 to 5000 | Default range of ports used as transmission channels for jobs writing to Microsoft Windows target. For every TCP connection that a job uses, one port from this range is assigned. |
Management client PC (remote access) | Backup server | TCP | 3389 | Default port used by the Remote Desktop Services. If you use third-party solutions to connect to the backup server, other ports may need to be open. |
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Communication with Backup Server | ||||
Backup server | Off-Host backup proxy | TCP | 6163 | Default port used by the Hyper-V Integration Service. |
SMB3 server | TCP | 6163 | Default port used by the Hyper-V Integration Service. | |
Communication with Backup Repositories | ||||
Hyper-V server/ Off-host backup proxy | Linux server | TCP | 22 | Port used as a control channel from the backup proxy to the target Linux host. |
Microsoft Windows server | TCP | 49152-65535 | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. | |
Shared folder CIFS (SMB) share | TCP | 135, 137 to 139, 445 | Ports used as a transmission channel from the backup proxy to the target CIFS (SMB) share. | |
Gateway server | TCP | 49152-65535 | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. | |
Communication with Backup Proxies | ||||
Hyper-V server | Backup proxy (onhost or offhost) | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
Microsoft SMB3 server | Backup proxy (onhost or offhost) | TCP | 2500 to 5000 | Ports used to retrieve CBT information from a Microsoft SMB3 server managing shares that host VM disks. |
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Hyper-V server/ Off-host backup proxy | Linux Server performing the role of the backup repository | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
Microsoft Windows Server performing the role of the backup repository | ||||
Backup repository | Backup proxy | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
Source backup repository | Target backup repository | TCP | 2500 to 5000 | Default range of ports used as transmission channels for backup copy jobs. For every TCP connection that a job uses, one port from this range is assigned. |
Microsoft Windows Server Running vPower NFS Service Connections | Backup repository gateway server working with backup repository
| TCP | 2500 to 5000 | Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery. For every TCP connection that a job uses, one port from this range is assigned. |
EMC Data Domain System Connections
From | To | Protocol | Port | Notes |
Backup server or gateway server | EMC Data Domain | TCP | 111 | Port used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned. |
TCP | 2049 | Main port used by NFS. Can be modified via the ‘nfs set server-port’ command. Command requires SE mode. | ||
TCP | 2052 | Main port used by NFS MOUNTD. Can be modified via the 'nfs set mountd-port' command in SE mode. | ||
Backup server | Gateway server | |||
For more information, see https://community.emc.com/docs/DOC-33258.
From | To | Protocol | Port | Notes |
Backup server | HPE StoreOnce | TCP | 9387 | Default command port used for communication with HPE StoreOnce. |
9388 | Default data port used for communication with HPE StoreOnce. | |||
Backup server | Gateway server | |||
From | To | Protocol | Port | Notes |
Mount server | Backup server | TCP | 9401 | Port used for communication with the Veeam Backup Service. |
Backup server | Mount server | TCP | 6170 | Port used for communication with a local or remote Mount Service. |
Proxy Appliance (Multi-OS FLR) Connections
From | To | Protocol | Port | Notes |
Backup server | Proxy appliance | TCP | 22 | Port used as a communication channel from the backup server to the proxy appliance in the multi-OS file-level recovery process. |
TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | ||
VM guest OS | TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | |
Proxy appliance | VM guest OS | TCP | 22 | Port used as a communication channel from the proxy appliance to the Linux guest OS during multi-OS file-level recovery process. |
TCP | 20 | [If FTP option is used] Default port used for data transfer. | ||
TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | ||
VM guest OS | Proxy appliance | TCP | 22 | Port used as a communication channel from the proxy appliance to Linux guest OS during multi-OS file-level recovery process. |
TCP | 21 | [If FTP option is used} Default port used for protocol control messages. |
From | To | Protocol | Port | Notes |
Communication with Backup Server | ||||
Backup server | WAN accelerator | TCP | 6160 | Default port used by the Veeam Installer Service. |
TCP | 6162 | Default port used by the Veeam Data Mover Service. | ||
TCP | 6164 | Controlling port for RPC calls. | ||
Communication with Backup Repositories | ||||
WAN accelerator | Backup repository | TCP | 2500 to 5000 | Default range of ports used by the Veeam Data Mover Service for transferring files of a small size such as GuestIndexData.zip and others. A port from the range is selected dynamically. |
Communication Between WAN Accelerators | ||||
WAN accelerator | WAN accelerator | TCP | 6164 | Controlling port for RPC calls. |
TCP | 6165 | Default port used for data transfer between WAN accelerators. Ensure this port is open in firewall between sites where WAN accelerators are deployed. | ||
From | To | Protocol | Port | Notes |
Backup server | Tape server | TCP | 6166 | Controlling port for RPC calls. |
From | To | Protocol | Port | Notes |
Backup server | Linux VM guest OS | TCP | 22 | Default SSH port used as a control channel. |
Guest interaction proxy | TCP | 6190 | Port used for communication with the guest interaction proxy. | |
TCP | 6290 | Port used as a control channel for communication with the guest interaction proxy. | ||
Guest interaction proxy | Microsoft Windows VM guest OS | TCP, UDP | 135, 137-139, 445 | Ports required to deploy the runtime coordination process on the VM guest OS. |
TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range used by the runtime process deployed inside the VM for guest OS interaction. For more information, see http://support.microsoft.com/kb/929851/en-us. | ||
TCP | 6167 | [For Microsoft SQL logs shipping] Port used by the runtime process on the VM guest OS from which Microsoft SQL logs are collected. | ||
Microsoft Windows VM guest OS | Guest interaction proxy | TCP |
49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range used by the runtime process deployed inside the VM for guest OS interaction . For more information, see http://support.microsoft.com/kb/929851/en-us. |
Veeam U-AIR Wizards Connections
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
U-AIR wizards | Veeam Backup Enterprise Manager | TCP | 9394 | Default port used for communication with Veeam Backup Enterprise Manager. Can be customized during Veeam Backup Enterprise Manager installation. |
Microsoft Active Directory Domain Controller Connections During Application Item Restore
From | To | Protocol | Port | Notes |
Backup server | Microsoft | TCP | 135 | Port required for communication between the domain controller and backup server. |
TCP, | 389 | LDAP connections. | ||
TCP | 636, 3268, 3269 | LDAP connections. | ||
TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range used by the runtime coordination process deployed inside the VM guest OS for application-aware processing* For more information, see http://support.microsoft.com/kb/929851/en-us. |
Microsoft Exchange Server Connections During Application Item Restore
From | To | Protocol | Port | Notes |
Backup server | Microsoft Exchange 2003/2007 CAS Server | TCP | 80, 443 | WebDAV connections |
Microsoft Exchange 2010/2013 CAS Server | TCP | 443 | Microsoft Exchange Web Services Connections
|
Microsoft SQL Server Connections During Application Item Restore
From | To | Protocol | Port | Notes |
Backup server | Microsoft | TCP | 1433,1434 and other | Port used for communication with the Microsoft SQL Server installed inside the VM. Port numbers depends on configuration of your Microsoft SQL server. For more information, see http://msdn.microsoft.com/en-us/library/cc646023.aspx#BKMK_ssde. |
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Backup server | SMTP server | TCP | 25 | Port used by the SMTP server. Port 25 is most commonly used but the actual port number depends on configuration of your environment. |
Veeam Backup Enterprise Manager Connections
From | To | Protocol | Port | Notes |
Veeam Backup Enterprise Manager | Backup server | TCP | 9392 | Default port used by Veeam Backup Enterprise Manager for collecting data from backup servers. Can be customized during Veeam Backup & Replication installation. |
TCP | 49152-65535 | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. | ||
TCP | 135 | Default RPC port. | ||
TCP | 9393 | Default port used by the Veeam Guest Catalog Service for catalog replication. Can be customized during Veeam Backup & Replication installation. | ||
2500 to 2600 | Ports used by the Veeam Guest Catalog Service for replicating catalog data. | |||
Active Directory | TCP | As listed at http://support.microsoft.com/kb/832017/en-us#method1. | Ports used by Enterprise Manager Service to communicate to Active Directory; also used when performing Self-Service Restore. | |
Microsoft Search Server | TCP | 9395 | Default port used by the Veeam Backup Search Service integration component. Can be customized during Veeam Backup Search installation. | |
Microsoft SQL Server hosting the Veeam Backup Enterprise Manager configuration database | TCP | 1433 | Port used for communication with Microsoft SQL Server on which the Veeam Backup Enterprise Manager configuration database is deployed (if you use a Microsoft SQL Server default instance). Additional ports may need to be open depending on your configuration. For more information, see https://msdn.microsoft.com/en-us/library/cc646023(v=sql.120).aspx#BKMK_ssde. | |
Enterprise Manager web site (IIS extension) | Veeam Backup Enterprise Manager Service | TCP | 9394 | Default port used by Enterprise Manager web site (IIS extension) to communicate with Enterprise Manager Service. Can be customized during Enterprise Manager installation. |
TCP | 9393 | Default port used to enable file search. Can be customized during Enterprise Manager installation. | ||
Browser | Enterprise Manager web site (IIS extension) | HTTP | 9080 | Default ports used to communicate with the website. Can be customized during Enterprise Manager installation. |
HTTPS | 9443 | |||
Enterprise Manager RestAPI client | Enterprise Manager RESTful API | HTTP | 9399 | Default ports used to communicate with Veeam Backup Enterprise Manager Web API. Can be customized during Enterprise Manager installation. |
HTTPS | 9398 |
