Ports

The following tables describe network ports that must be opened to ensure proper communication of Veeam Agent operating in the standalone mode with other infrastructure components.

To learn about ports required to enable proper work of Veeam Agent for Linux managed by Veeam Backup & Replication, see the Ports section in the Veeam Agent Management Guide.

Ports IMPORTANT

The list of ports required for computers booted from the Veeam Recovery Media is the same as the list of ports required for Veeam Agent computers.

Communication Between Veeam Agent Components

The following table describes network ports that must be opened to enable proper communication between Veeam Agent for Linux components.

From

To

Protocol

Port

Notes

Veeam Agent computer

Veeam backup server

TCP

10006

Default port used for communication with the Veeam backup server.

Data between the Veeam Agent for Linux computer and backup repositories is transferred directly, bypassing Veeam backup servers.

Shared folder SMB (CIFS) share

TCP
UDP

137 to 139,
445

Ports used as a data transmission channel from the Veeam Agent for Linux computer to the target SMB (CIFS) share.

Ports 137 to 139 are used by backup infrastructure components to communicate using NetBIOS.

Shared folder NFS share

TCP
UDP

111,
2049

Standard NFS ports used as a data transmission channel from the Veeam Agent for Linux computer to the target NFS share.

Veeam Agent computer

TCP

2500 to 3300

Default range of ports used for communication between Veeam Agent for Linux components during data transmission. For every TCP connection that a backup job uses, one port from this range is assigned.

Ports must be open for incoming and outgoing traffic. Established connections must be allowed.

TCP

10808

Port used locally on the Veeam Agent computer for communication via REST API between Veeam Agent components (such as control panel and command line interface) and Veeam Agent for Linux Service.

Communication with Veeam Backup & Replication Repositories

The following table describes network ports that must be opened to ensure proper communication with Veeam backup repositories.

From

To

Protocol

Port

Notes

Veeam Agent computer

Linux server performing the role of a backup repository

TCP

2500 to 3300

Default range of ports used as data transmission channels. For every TCP connection that a backup job uses, one port from this range is assigned.

Microsoft Windows server performing the role of a backup repository

TCP

49152 to 65535 
(for Microsoft Windows 2008 and newer)

Dynamic RPC port range. For more information, see this Microsoft article.

TCP

2500 to 3300

Default range of ports used as data transmission channels. For every TCP connection that a backup job uses, one port from this range is assigned.

Communication with Veeam Cloud Connect Repositories

The following table describes network ports that must be opened to ensure proper communication with Veeam Cloud Connect repositories.

From

To

Protocol

Port

Notes

Veeam Agent computer

Cloud gateway

TCP

6180

Port on the cloud gateway used to transport Veeam Agent data to the Veeam Cloud Connect repository.

Certificate Revocation Lists

TCP

80 or 443 (most popular)

Veeam Agent computer needs access to CRLs (Certificate Revocation Lists) of the CA (Certification Authority) who issued a certificate to the Veeam Cloud Connect service provider.

Generally, information about CRL locations can be found on the CA website.

Communication with Object Storage

The following table describes network ports and endpoints that must be opened to ensure proper communication with object storage.

From

To

Protocol

Port/Endpoint

Notes

Veeam Agent Computer (Microsoft Windows, Linux, macOS)

Amazon S3 object storage

TCP

443

Port and endpoints used for communication with Amazon S3 object storage.

HTTPS

AWS service endpoints:

  • *.amazonaws.com (for Global and Government regions)
  • *.amazonaws.com.cn (for China region)

A complete list of connection endpoints can be found in AWS Documentation.

TCP

80

Port and endpoints used to verify the certificate status.

Keep in mind that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.

HTTP

Certificate verification endpoints:

  • *.amazontrust.com

Microsoft Azure object storage

TCP

443

Port and endpoints used for communication with Microsoft Azure object storage.

Keep in mind that the <xxx> part of the address must be replaced with your actual storage account URL, which can be found in the Azure management portal.

HTTPS

Cloud endpoints:

  • xxx.blob.core.windows.net (for Global region)
  • xxx.blob.core.chinacloudapi.cn (for China region)
  • xxx.blob.core.cloudapi.de (for Germany region)
  • xxx.blob.core.usgovcloudapi.net (for Government region)

TCP

80

Port and endpoints used to verify the certificate status.

Keep in mind that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.

HTTP

Certificate verification endpoints:

  • ocsp.digicert.com
  • ocsp.msocsp.com
  • *.d-trust.net (for Germany region)  

Google Cloud storage

TCP

443

Port and endpoints used for communication with Google Cloud storage.

HTTPS

Cloud endpoints:

  • storage.googleapis.com

A complete list of connection endpoints can be found in this Google article.

TCP

80

Port and endpoints used to verify the certificate status.

Keep in mind that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.

HTTP

Certificate verification endpoints:

  • ocsp.pki.goog
  • pki.goog
  • crl.pki.goog

IBM Cloud object storage

TCP/HTTPS

Customizable and depends on device configuration

Port and endpoints used for communication with IBM Cloud object storage.

S3 compatible object storage

TCP/HTTPS

Customizable and depends on device configuration

Port and endpoints used for communication with S3 compatible object storage.