Ports
The following tables list network ports that must be opened to manage inbound and outbound traffic.
Backup
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Backup server, guest interaction proxy (Enterprise and Enterprise Plus editions) | Source machine with Microsoft SQL Server | TCP, UDP | 135, 137 to 139, 445 | Ports used to deploy the runtime coordination process on the source machine. |
TCP | 49152 to 65535 | Dynamic RPC range that is used by the runtime coordination process which is deployed on the source machine for application-aware processing.1 | ||
TCP | 6167 | For Microsoft SQL Server transaction logs shipping Port used by the runtime process on the source machine from which transaction logs are collected. | ||
Source machine with Microsoft SQL Server | Backup server, guest interaction proxy (Enterprise and Enterprise Plus editions) | TCP | 49152 to 65535 | Dynamic RPC range used by the runtime coordination process that is deployed on the source machine for application-aware processing.1 For more information, see this Microsoft article. |
Log shipping server, backup repository | TCP | 2500 to 3300 | For Microsoft SQL Server transaction logs shipping Default range of ports used by the Veeam Data Mover Service for data transfer over the network. Log shipping server is used in case the direct connection to the backup repository is not possible. For more information, see the Log Shipping Servers section of the Veeam Backup & Replication User Guide. |
1 If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the RPC function call failed error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.
Restore
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Backup server, Veeam Backup & Replication console, mount server associated with the backup repository (only for Instant Recovery or restore from Enterprise Manager) | Target machine with Microsoft SQL Server, staging server | TCP, UDP | 135, 445 | Ports used to deploy the runtime coordination process on the target machine. |
TCP | 49152 to 65535 | Dynamic RPC range used by the runtime coordination process that is deployed on the target machine.1 For more information, see this Microsoft article. | ||
TCP | 6160 | Port used to communicate with the installer service. | ||
TCP | 1433, 1434 | Ports used to communicate with the Microsoft SQL Server installed on the target machine during application-item restore. For more information, see this Microsoft article. | ||
UDP | 1434 | Port used by the Microsoft SQL Server Browser service. For more information, see this Microsoft article. | ||
TCP | 1025 to 1034 | Default RPC range for the runtime component installed on a target or staging Microsoft SQL Server machine to support restore. Each runtime component uses the next available port in the range, and only during application item restore. Note: You must manually open this port range in Microsoft Windows Firewall. | ||
Target machine with Microsoft SQL Server, staging server | Mount server associated with the backup repository | TCP | 3260 to 3270 | Port range opened by Veeam Backup & Replication to manage iSCSI traffic during restore to the target machine. This port range is opened only during application item restore. For more information, see How Mounting Works. |
1 If you use default Microsoft Windows Firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the RPC function call failed error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.