Ports

The following tables list network ports that must be opened to manage inbound and outbound traffic.

Backup

From

To

Protocol

Port

Notes

Backup server, guest interaction proxy (Enterprise and Enterprise Plus editions)

Source machine with Microsoft SQL Server

TCP, UDP

135, 137 to 139, 445

Ports used to deploy the runtime coordination process on the source machine.

TCP

49152 to 65535
(for Microsoft Windows 2008 or later)

Dynamic RPC range that is used by the runtime coordination process which is deployed on the source machine for application-aware processing.1

TCP

6167

For Microsoft SQL Server transaction logs shipping

Port used by the runtime process on the source machine from which transaction logs are collected.

Source machine with Microsoft SQL Server

Backup server, guest interaction proxy (Enterprise and Enterprise Plus editions)

TCP

49152 to 65535
(for Microsoft Windows 2008 or later)

Dynamic RPC range used by the runtime coordination process that is deployed on the source machine for application-aware processing.1

For more information, see this Microsoft article.

Log shipping server, backup repository

TCP

2500 to 3300

For Microsoft SQL Server transaction logs shipping

Default range of ports used by the Veeam Data Mover Service for data transfer over the network.

Log shipping server is used in case the direct connection to the backup repository is not possible. For more information, see the Log Shipping Servers section of the Veeam Backup & Replication User Guide.

 

1 If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the RPC function call failed error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

Restore

From

To

Protocol

Port

Notes

Backup server, Veeam Backup & Replication console, mount server associated with the backup repository (only for Instant Recovery or restore from Enterprise Manager)

Target machine with Microsoft SQL Server, staging server

TCP, UDP

135, 445

Ports used to deploy the runtime coordination process on the target machine.

TCP

49152 to 65535
(for Microsoft Windows 2008 or later)

Dynamic RPC range used by the runtime coordination process that is deployed on the target machine.1

For more information, see this Microsoft article.

TCP

6160

Port used to communicate with the installer service.

TCP

1433, 1434

Ports used to communicate with the Microsoft SQL Server installed on the target machine during application-item restore.

For more information, see this Microsoft article.

UDP

1434

Port used by the Microsoft SQL Server Browser service.

For more information, see this Microsoft article.

TCP

1025 to 1034

Default RPC range for the runtime component installed on a target or staging Microsoft SQL Server machine to support restore. Each runtime component uses the next available port in the range, and only during application item restore.

Note: You must manually open this port range in Microsoft Windows Firewall.

Target machine with Microsoft SQL Server, staging server

Mount server associated with the backup repository

TCP

3260 to 3270

Port range opened by Veeam Backup & Replication to manage iSCSI traffic during restore to the target machine.

This port range is opened only during application item restore.

For more information, see How Mounting Works.

1 If you use default Microsoft Windows Firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the RPC function call failed error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.