Ports
The following tables list network ports that must be opened to manage traffic during recovery of Microsoft SQL Server data. The used ports depend on whether you are restoring data from image-level backups created with application-aware processing or backups created with Veeam Plug-In for Microsoft SQL Server.
Data Recovery from Image-Level Backups
The following table lists network ports that must be opened to manage traffic during recovery from image-level backups of Microsoft SQL Server data.
For information on the ports that must be opened when creating image-level backups of Microsoft SQL Server machines, see the Guest Processing Components and Log Shipping Components subsections of the Ports section.
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Veeam Backup & Replication console | Backup server | TCP | 443 | Port used to communicate with the backup server. |
Backup server, Veeam Backup & Replication console, mount server associated with the backup repository (only for Instant Recovery or restore from Enterprise Manager) | Target machine with Microsoft SQL Server, staging server | TCP | 135, 445 | Ports used to deploy the runtime coordination process on the target machine. |
TCP | 6173 | Port used by the runtime coordination process that is deployed on the target machine. | ||
TCP | 6160 | Port used to communicate with Veeam Installer Service. | ||
TCP | 1433, 1434 | Ports used to communicate with Microsoft SQL Server installed on the target machine during application-item restore. For more information, see this Microsoft article. | ||
TCP | 1026 to 1034 | Default RPC range for the Veeam SQL Restore Service runtime components installed on a target or staging Microsoft SQL Server machine. Each runtime component uses the next available port in the range, and only during application item restore. For more information on the Veeam SQL Restore Service non-persistent runtime component, see Deploying Persistent and Non-Persistent Components. Note: You must manually open this port range in Microsoft Windows Firewall. | ||
TCP | 1025 | Port used by the Veeam SQL Agent Service persistent component installed on the target or staging Microsoft SQL Server machine. The port is used only during application item restore. For more information on the Veeam SQL Agent Service persistent component, see Deploying Persistent and Non-Persistent Components. Note: You must manually open this port in Microsoft Windows Firewall. | ||
Backup server | Mount server associated with the backup repository | TCP | 6170 | Port used for communication with Veeam Mount Service. |
Target machine with Microsoft SQL Server, staging server | Mount server associated with the backup repository | TCP | 3260 to 3270 | Port range opened by Veeam Backup & Replication to manage iSCSI traffic during restore to the target machine. This port range is opened only during application item restore. For more information, see How Mounting Works. |
Backup repository | TCP | 6162 or 2500 to 3300 | These ports are used by the Veeam Agent persistent component deployed on the target or staging server and only during transaction log restore. Port 6162 is used to connect to the Veeam Data Mover Service (for Windows-based backup servers) or Veeam Transport Service (for Linux-based backup servers). The 2500 to 3300 port range is the default port range for data transfer over the network. For more information on the components used during data recovery, see Deploying Persistent and Non-Persistent Components. |
Restore from Plug-in Backups
The following table lists network ports that must be opened for managing restore from backups created with Veeam Plug-In for Microsoft SQL Server. For more information on the ports used for data transfer during restore, see the Ports section for standalone plug-ins or the Ports section for managed plug-ins.
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Veeam Backup & Replication console | Backup server | TCP | 443 | Port used to communicate with the backup server. |
Target machine with Microsoft SQL Server | TCP | 135, 445 | Ports used to deploy the runtime coordination process on the target machine. | |
TCP | 49152 to 65535 | Dynamic RPC port range1, used only if you authenticate to the target server with domain user credentials. For more information about the port range, see this Microsoft article. | ||
TCP | 1433, 1434 | Ports used to communicate with Microsoft SQL Server installed on the target machine during application-item restore. For more information, see this Microsoft article. | ||
TCP | 1026 to 1034 | Default RPC range for the Veeam SQL Restore Service runtime components installed on a target or staging Microsoft SQL Server machine. Each runtime component uses the next available port in the range, and only during application item restore. For more information on the Veeam SQL Restore Service non-persistent runtime component, see Deploying Persistent and Non-Persistent Components. Note: You must manually open this port range in Microsoft Windows Firewall. | ||
TCP | 1025 | Port used by the Veeam SQL Agent Service persistent component installed on the target or staging Microsoft SQL Server machine. The port is used only during application item restore. For more information on the Veeam SQL Agent Service persistent component, see Deploying Persistent and Non-Persistent Components. Note: You must manually open this port in Microsoft Windows Firewall. |
1 If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the RPC function call failed error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.