Ports
NOTE: The following tables describe network ports that must be opened to ensure proper communication of Veeam Agent operating in the standalone mode with other infrastructure components. To learn about ports required to enable proper work of Veeam Agent for Microsoft Windows managed by Veeam Backup & Replication, see the Ports section in the Veeam Agent Management Guide.
IMPORTANT: The list of ports required for computers booted from the Veeam Recovery Media is the same as the list of ports required for Veeam Agent computers.
Communication Between Veeam Agent Components
The following table describes network ports that must be opened to enable proper communication between Veeam Agent for Microsoft Windows components.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Veeam Agent Computer | Veeam Agent Computer | TCP | 9395+, | Ports used locally on the Veeam Agent computer for communication between Veeam Agent components and Veeam Agent for Microsoft Windows Service. If the default port number is already in use, Veeam Agent for Microsoft Windows Service will try to use the next port number. |
Veeam Agent Computer | Veeam Update Notification Server | TCP | 443 | Default port used to download information about available updates from the Veeam Update Notification Server over the Internet. |
Communication with Veeam Backup & Replication Repositories
The following table describes network ports that must be opened to ensure proper communication with Veeam backup repositories.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Veeam Agent Computer | Veeam Backup Server | TCP | 10001 | Default port used by Veeam Agent for Microsoft Windows operating in the standalone mode for communication with the Veeam Backup server. Data between the Veeam Agent computer and backup repositories is transferred directly, bypassing Veeam backup servers. |
Veeam Agent Computer | Linux server performing the role of a backup repository | TCP | 2500 to 3300 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
Veeam Agent Computer | Microsoft Windows server performing the role of a backup repository | TCP | 49152-65535 | Dynamic RPC port range. For more information, see Microsoft documentation. |
Veeam Agent Computer | Microsoft Windows server performing the role of a backup repository | TCP | 2500 to 3300 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
Veeam Agent Computer | Shared folder SMB (CIFS) share | TCP | 137 to 139, | Ports used as a transmission channel from the Veeam Agent computer to the target SMB (CIFS) share. Ports 137 to 139 are used by backup infrastructure components to communicate using NetBIOS. Port 443 is used to connect the target SMB (CIFS) share over QUIC. For more information, see Microsoft documentation. |
Veeam Agent Computer | Gateway Microsoft Windows server | TCP | 137 to 139, | If an SMB (CIFS) share is used as a backup repository and a Microsoft Windows server is selected as a gateway server for this CIFS share, these ports must be opened on the gateway Microsoft Windows server. Ports 137 to 139 are used by backup infrastructure components to communicate using NetBIOS. |
Veeam Agent Computer | Gateway Microsoft Windows server | TCP | 49152-65535 | Dynamic RPC port range. For more information, see Microsoft documentation. |
Veeam Agent Computer | Gateway Microsoft Windows server | TCP | 2500 to 3300 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
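
The rows above for a Linux backup repository translate into two narrowly scoped outbound rules on the Veeam Agent computer. This is an added example, not part of the Veeam documentation; the IP addresses (documentation range 192.0.2.0/24) and the rule names are placeholders to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example: outbound Windows Firewall rules for a standalone Veeam Agent
# that backs up to a Linux-based Veeam backup repository.
# Assumptions: the two addresses and the rule names below are placeholders.
# Allow rules only narrow traffic when the profile's default outbound action
# is Block; with the Windows default (Allow) they are documentation only.

$BackupServer = '192.0.2.10'   # placeholder: Veeam Backup server
$Repository   = '192.0.2.20'   # placeholder: Linux backup repository

# One rule per table row: destination, protocol and port exactly as listed.
$rules = @(
    @{ Name = 'Veeam Agent to backup server (TCP 10001)'
       Remote = $BackupServer; Port = '10001' },
    @{ Name = 'Veeam Agent to Linux repository (TCP 2500-3300)'
       Remote = $Repository;   Port = '2500-3300' }
)

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        continue
    }
    $params = @{
        DisplayName   = $r.Name
        Direction     = 'Outbound'
        Action        = 'Allow'
        Protocol      = 'TCP'
        RemoteAddress = $r.Remote   # scope to the one host, not "Any"
        RemotePort    = $r.Port
    }
    New-NetFirewallRule @params | Out-Null
}

# Show what was configured, then probe the backup server port.
# Only the control port is probed here.
$rules | ForEach-Object {
    Get-NetFirewallRule -DisplayName $_.Name |
        Get-NetFirewallPortFilter |
        Select-Object Protocol, RemotePort
}
Test-NetConnection -ComputerName $BackupServer -Port 10001 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```
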
Communication with Veeam Cloud Connect Repositories
The following table describes network ports that must be opened to ensure proper communication with Veeam Cloud Connect repositories.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Veeam Agent Computer | Cloud gateway | TCP | 6180 | Port on the cloud gateway used to transport Veeam Agent data to the Veeam Cloud Connect repository. |
Veeam Agent Computer | Certificate Revocation Lists | TCP | 80 or 443 (most popular) | Veeam Agent computer needs access to CRLs (Certificate Revocation Lists) of the CA (Certification Authority) who issued a certificate to the Veeam Cloud Connect service provider. Generally, information about CRL locations can be found on the CA website. |
Communication with Object Storage
The following table describes network ports that must be opened to ensure proper communication with object storage if you back up data to object storage directly or to object storage added as a Veeam backup repository with the direct connection mode. For more information about object storage connection modes, see Connection Types.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Veeam Agent Computer | Amazon S3 object storage | TCP | 443 | Used to communicate with the Amazon S3 object storage through the following endpoints: All AWS service endpoints are specified in the AWS documentation. |
Veeam Agent Computer | Amazon S3 object storage | TCP | 80 | Used to verify the certificate status through the following endpoints: Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself. |
Veeam Agent Computer | Microsoft Azure object storage | TCP | 443 | Used to communicate with the Microsoft Azure object storage through the following endpoints: Consider that the <xxx> part of the address must be replaced with your actual storage account URL that can be found in the Azure management portal. |
Veeam Agent Computer | Microsoft Azure object storage | TCP | 80 | Used to verify the certificate status through the following endpoints: Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself. For more details, see also Microsoft documentation. |
Veeam Agent Computer | Google Cloud storage | TCP | 443 | Used to communicate with Google Cloud storage through the following endpoints: All cloud endpoints are specified in this Google article. |
Veeam Agent Computer | Google Cloud storage | TCP | 80 | Used to verify the certificate status through the following endpoints: Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself. |
Veeam Agent Computer | IBM Cloud object storage | TCP | Depends on device configuration | Used to communicate with IBM Cloud object storage. |
Veeam Agent Computer | S3 compatible object storage | TCP | Depends on device configuration | Used to communicate with S3 compatible object storage. |
Veeam Agent Computer | Veeam Data Cloud Vault storage | TCP | 443 | Used to communicate with the Veeam Data Cloud Vault storage through the xxx.blob.core.windows.net endpoint. |
Communication with Mail Servers
The following table describes network ports that must be opened to ensure proper communication with mail servers.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Veeam Agent Computer | SMTP server | TCP | 25 | Default port used by the SMTP server. |
Veeam Agent Computer | SMTP server | TCP | 587 | Port used by the SMTP server if SSL is enabled. |
Veeam Agent Computer | Gmail REST API (gmail.googleapis.com) | TCP | 443 | Port used for communication with Google Mail services. |
Veeam Agent Computer | Microsoft Graph REST API (graph.microsoft.com, login.microsoftonline.com) | TCP | 443 | Port used for communication with Microsoft Exchange Online organizations. |