Used Ports

In this article

    The following tables describe network ports that must be opened to ensure proper communication of components in the Veeam Agent management infrastructure.

    Veeam Backup & Replication Connections

    For information about network ports that must be opened to ensure proper communication of the backup server with backup infrastructure components, see the Used Ports section in the Veeam Backup & Replication User Guide.

    For information about ports that must be opened to ensure communication of the backup server with Veeam Cloud Connect infrastructure components, see the Used Ports section in the Veeam Cloud Connect Guide.

    In addition to general port requirements applicable to a Veeam backup server, the backup server used in the Veeam Agent management scenario must have the following ports opened:

    From

    To

    Protocol

    Port

    Notes

    Veeam Backup Server

    Veeam Agent Computer (Microsoft Windows)

    TCP

    6184+

    Default port used for communication with theVeeam Agent for Microsoft Windows Service.

    If port 6184 is already in use, Veeam Agent for Microsoft Windows Service will try to use the next port number.

    TCP
    UDP

    135,
    137 to 139,
    445,
    6160,
    11731

    Default ports used for communication with the Veeam Installer Service.

    Port 135 is used for WMI queries. WMI queries are mandatory to back up failover clusters and perform file-level restore and optional to provide faster Veeam Agent deployment.

    Ports 137 to 139 are used by backup infrastructure components to communicate using NetBIOS.

    Ports 137 to 139 and 445 are used during restore started from the Veeam Backup & Replication console.

    Ports 6160 and 11731 are used to deploy Veeam Agent on the computer and to provide faster restore.

    If the backup repository server role and the mount server role are assigned to different servers in your infrastructure, you must open ports described in the Mount Server Connections subsection of the Veeam Backup & Replication User Guide.

    TCP

    2500 to 3300

    [For Microsoft SQL logs shipping] Ports used to collect Microsoft SQL logs from the Veeam Agent computer.

    TCP

    6167,
    2500 to 3300

    [For Microsoft SQL logs shipping] Ports used to collect Microsoft SQL logs from the Veeam Agent computer operating as part of a failover cluster with SQL Server AlwaysOn Availability Groups.

    TCP

    6211

    [For storage snapshots support]  Port used for communication with the hardware VSS provider. For more information, see Storage Snapshots Support.

    TCP

    6160,
    11731

    Port port used for the volume-level restore.

    Veeam Agent Computer (Linux)

    TCP

    22

    Default port used as a control channel from the Veeam Backup Server to the Veeam Agent computer.

    TCP

    6162

    Default port used by the Veeam Data Mover.

    TCP

    2500 to 3300

    Default range of ports used for communication between Veeam Agent components during data transmission. For every TCP connection that a backup job uses, one port from this range is assigned.

    Distribution Server

    TCP
    UDP

    135,
    137 to 139,
    445,
    6160,
    11731

    Ports on a Microsoft Windows server used for deploying the Distribution Server component.

    Port 135 is optional. This port is used to provide faster Veeam Agent deployment.

    Ports 137 to 139 are used by backup infrastructure components to communicate using NetBIOS.

    Ports 6160 and 11731 are used by the Veeam Installer Service. These ports together with port 445 are mandatory to deploy the Distribution Server component.

    TCP

    49152 to 65535

    Dynamic RPC port range. For more information, see this Microsoft KB article.

    TCP

    9380

    Default port used for communication with the Veeam Distribution Service.

    Backup Proxy

    TCP

    6211

    [For storage snapshots support]  Port used for communication with the hardware VSS provider. For more information, see Storage Snapshots Support.

    Distribution Server

    Veeam Agent Computer (Microsoft Windows)

    TCP

    49152 to 65535

    Dynamic RPC port range. For more information, see this Microsoft KB article.

    The port range is required for communication with the Veeam Installer Service.

    TCP
    UDP

    6160,
    11731

    Ports on the Veeam Agent computer used for deploying Veeam Agent.

    Veeam Agent Computer (Linux)

    TCP

    22

    Default port used to establish an SSH connection for the purpose of Veeam Agent packages transmission and deployment control.

    Veeam Agent Computer Connections

    From

    To

    Protocol

    Port

    Notes

    Veeam Agent Computer (Microsoft Windows)

    Veeam Backup Server

    TCP

    10005

    Default port used by Veeam Agent for Microsoft Windows operating in the managed mode for communication with the Veeam Backup server.

    Data between the Veeam Agent computer and backup repositories is transferred directly, bypassing Veeam backup servers.

    Veeam Agent Computer (Microsoft Windows)

    TCP

    9395+, 6183+

    Ports used locally on the Veeam Agent computer for communication between Veeam Agent components and Veeam Agent for Microsoft Windows Service.

    If port 9395 or 6183 is already in use, Veeam Agent for Microsoft Windows Service will try to use the next port number.

    Veeam Agent Computer (Linux, Unix, macOS)

    Veeam Backup Server

    TCP

    10006

    Default port used for communication with the Veeam Backup server.

    Data between the Veeam Agent computer and backup repositories is transferred directly, bypassing Veeam backup servers.

    Veeam Agent Computer (Linux, Unix, macOS)

    TCP

    2500 to 3300

    Default range of ports used for communication between Veeam Agent components during data transmission. For every TCP connection that a backup job uses, one port from this range is assigned.

    Communication with Veeam Backup & Replication Repositories

    Veeam Agent Computer

    Linux server performing the role of a backup repository

    TCP

    2500 to 3300

    Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

    Microsoft Windows server performing the role of a backup repository

    TCP

    49152 to 65535
    (for Microsoft Windows 2008 and newer)

    Dynamic RPC port range. For more information, see this Microsoft KB article.

    TCP

    2500 to 3300

    Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

    Shared folder CIFS (SMB) share

    TCP
    UDP

    137 to 139,
    445

    Ports used as a transmission channel from the Veeam Agent computer to the target CIFS (SMB) share.

    Ports 137 to 139 are used by backup infrastructure components to communicate using NetBIOS.

    Gateway Microsoft Windows server

    TCP
    UDP

    137 to 139,
    445

    If a CIFS (SMB) share is used as a backup repository and a Microsoft Windows server is selected as a gateway server for this CIFS share, these ports must be opened on the gateway Microsoft Windows server.

    Ports 137 to 139 are used by backup infrastructure components to communicate using NetBIOS.

    TCP

    49152 to 65535

    Dynamic RPC port range. For more information, see this Microsoft KB article.

    TCP

    2500 to 3300

    Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

    Communication with Veeam Cloud Connect Repositories

    Veeam Agent Computer (Microsoft Windows, Linux, macOS)

    Cloud gateway

    TCP

    6180

    Port on the cloud gateway used to transport Veeam Agent data to the Veeam Cloud Connect repository.

    Certificate Revocation Lists

    TCP

    80 or 443 (most popular)

    Veeam Agent computer needs access to CRLs (Certificate Revocation Lists) of the CA (Certification Authority) who issued a certificate to the Veeam Cloud Connect service provider.

    Generally, information about CRL locations can be found on the CA website.