Used Ports

In this article

    This section covers typical connection settings for Veeam Backup Enterprise Manager, including:

     

    Note

    For more information on ports specific for Veeam Backup & Replication infrastructure components, see the Used Ports section of the Veeam Backup & Replication User Guide.

    Veeam Backup Enterprise Manager Connections

    The following ports must be opened to ensure proper operation of Veeam Backup Enterprise Manager and communication between components.

    From

    To

    Protocol

    Port

    Notes

    Veeam Backup Enterprise Manager

    Veeam backup server

    TCP

    9392

    Default port used by Veeam Backup Enterprise Manager for collecting data from Veeam backup servers. Can be customized during Veeam Backup & Replication installation. For more information, see Specify Service Ports.

    9393

    Default port used by the Veeam Guest Catalog service for catalog replication. Can be customized during Veeam Backup & Replication installation.

    2500 to 2600

    Ports used by the Veeam Guest Catalog service for replicating catalog data.

    135

    Default RPC port.

    49152 to 65535 (for Microsoft Windows 2008 and later)

    Dynamic RPC port range. For more information, see this Microsoft KB article.

    SQL Server hosting the Enterprise Manager configuration database

    TCP

    1433

    Default port used for communication with Microsoft SQL Server hosting a Veeam Backup Enterprise Manager database. For more information, see Specify Installation Settings.

    Additional ports may be needed depending on your configuration. For more information, see the Microsoft SQL Docs Configure the Windows Firewall to Allow SQL Server Access article.

    vCenter Server

    TCP

    443

    Default port used for connection to a vCenter Server and deploying the Veeam Plug-in for vSphere web client. Can be customized during Veeam Backup Enterprise Manager installation. For more information, see Specify Service Ports.

    Active Directory Domain Controller

    TCP, UDP

    389

    Port used by Enterprise Manager service to communicate with Active Directory over the LDAP protocol.

    TCP

    636

    Port used by Enterprise Manager service to communicate with Active Directory over the LDAPS (LDAP over TLS/SSL) protocol.

    TCP

    3268

    Port used by Enterprise Manager service to communicate with LDAP Global Catalog.

    TCP

    3269

    Port used by Enterprise Manager service to communicate with LDAP Global Catalog over TLS/SSL.

    TCP

    49152 to 65535 (for Microsoft Windows 2008 and later)

    Ports used by Enterprise Manager service to communicate with Active Directory. These ports are also used during restore through Veeam Self-Service File Restore Portal. This is a default dynamic port range. For more information, see Microsoft Support KB 832017.

    Veeam License Update Server (vbr.butler.veeam.com, autolk.veeam.com)

    TCP

    443

    Default port used for license auto-update.

    Veeam Backup Enterprise Manager
    website (IIS extension)

    Veeam Backup Enterprise Manager service

    TCP

    9394

    Default port used by IIS extension to communicate with Veeam Backup Enterprise Manager. Can be customized during Veeam Backup Enterprise Manager installation. For more information, see Specify Service Ports.

    Veeam Cloud Connect Portal
    website (IIS extension)

    Veeam Backup Enterprise Manager service

    TCP

    9397

    Default port used by IIS extension to communicate with Veeam Backup Enterprise Manager. This port value is built-in and cannot be customized during installation.

    Browser

    Veeam Backup Enterprise Manager website (IIS extension)

    HTTP

    9080

    Default ports used to communicate with the website. Can be customized during Veeam Backup Enterprise Manager installation. For more information, see Specify Service Ports.

    When you work with Veeam Self-Service Backup Portal (accessed by the portal URL or from the vCD environment) and vSphere Self-Service Backup Portal, your browser also communicates with the Veeam Backup Enterprise Manager website over this port.

    HTTPS

    9443

    Veeam Cloud Connect Portal website (IIS extension)

    HTTPS

    6443

    Default ports used to communicate with the website. Can be customized during Veeam Backup Enterprise Manager installation. For more information, see Specify Service Ports.

    Veeam Backup Enterprise Manager REST API client
    and VMware vSphere web client
    plug-in

    Veeam Backup Enterprise Manager REST API

    HTTP

    9399

    Default ports used to communicate with Veeam Backup Enterprise Manager REST API. Can be customized during Veeam Backup Enterprise Manager installation. For more information, see Specify Service Ports.

    HTTPS

    9398

    Veeam ONE Server
    (optional)

    Veeam Backup Enterprise Manager

    TCP

    Dynamically assigned ports

    If you use Veeam Availability Suite and add a Veeam Backup Enterprise Manager server to Veeam ONE monitoring scope, you must open ports required to gather data through WMI. For more information on enabling and disabling WMI traffic, see the Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection articles of the Microsoft Windows Dev Center.

     

    Note

    Consider the following:

    • During installation, Veeam Backup & Replication automatically creates firewall rules for default ports to allow communication for the application components.
    • For more information on Enterprise Manager network connectivity, refer to the Enterprise Manager article of the Veeam Backup and Replication Best Practices documentation.

     

    Ports for Restore Operations

    Guest OS File Restore (Windows)

    From

    To

    Protocol

    Port

    Notes

    Veeam Backup Enterprise Manager

    Mount server associated with backup repository

    TCP

    2500 to 6000

    Ports used for file download.

    Guest OS File Restore (non-Windows)

    From

    To

    Protocol

    Port

    Notes

    Veeam Backup Enterprise Manager

    Helper appliance

    TCP

    2500 to 6000

    Ports used for file download. For more information on the helper appliance, see Preparing for File Search and Restore (non-Windows machines).

     

    Note

    Consider the following:

    • For more information on the list of ports used by the mount server associated with the backup repository during file-level restore, see the Mount Server Connections section of the Veeam Backup & Replication User Guide.
    • For more information on the list of ports used by the components involved in 1-Click Restore to Original Location, see the Used Ports section of the Veeam Backup & Replication User Guide.

     

    SQL Server Database Restore

    From

    To

    Protocol

    Port

    Notes

    Target remote SQL Server

    Mount server associated with backup repository

    TCP

    3260 to 3270

    Ports used for transfer of iSCSI traffic during database restore to the original Microsoft SQL Server. These ports are used during the restore process only.

    Oracle Database Restore (1-Click)

    From

    To

    Protocol

    Port

    Notes

    Target remote machine to which application items are restored

    Machine running mount service*

    TCP

    3260 to 3270

    Range of ports used by Veeam Backup and Replication for iSCSI traffic. Ports are open only during the application item restore session.

     

    Note

    For more information on 1-Click Database Restore to the original Oracle server machine (remote machine), see 1-Click Restore to Original Location.

     

    Oracle Database Restore (Custom Settings)

    From

    To

    Protocol

    Port

    Notes

    Machine running mount service*

    Oracle on Windows server

    TCP

    49152 to 65535 

    Recommended dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see Microsoft Support KB 832017.

    TCP

    1025 to 1034

    Default port range for the runtime component installed on the guest machine to support restore operations in most scenarios. These ports are opened only during application item restore.

    Oracle on Linux server

    TCP

    22

    Default SSH port used as a control channel.

    TCP

    2500 to 5000

    Default port range for data transmission.

    * The mount server associated with the repository (if restoring from backup), or the Veeam backup server (if restoring from replica).

    Note

    For more information on the process of database restore with custom settings, see Restore with Custom Settings.