Used Ports

In this article

    The following tables list network ports that must be opened to manage inbound/outbound traffic.

    Backup

    From

    To

    Protocol

    Port

    Notes

    Veeam Backup Server / Guest Interaction Proxy (Enterprise and Enterprise Plus editions)

    Microsoft SQL Server VM Guest OS

    TCP, UDP

    135, 137 to 139, 445

    Ports used to deploy the runtime coordination process on a VM guest OS.

    TCP

    49152 to 65535
    (for Microsoft Windows 2008 and newer)

    Dynamic RPC range that is used by the runtime coordination process which is deployed on a VM guest OS for application-aware processing.1

    TCP

    6167

    For Microsoft SQL Server transaction logs shipping

    Port used by the runtime process on a VM guest OS from which transaction logs are collected.

    Microsoft SQL Server VM Guest OS

    Veeam Backup Server / Guest Interaction Proxy (Enterprise and Enterprise Plus editions)

    TCP

    49152 to 65535
    (for Microsoft Windows 2008 and newer)

    Dynamic RPC range used by the runtime coordination process that is deployed on a VM guest OS for application-aware processing.1

    For more information, see this Microsoft article.

    Log Shipping Server

    TCP

    2500 to 3300

    For Microsoft SQL Server transaction logs shipping

    Default range of ports used by the Veeam Data Mover Service for data transfer over the network.

     

    1 If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the RPC function call failed error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

    Restore

    From

    To

    Protocol

    Port

    Notes

    Veeam Backup Server / Standalone Console / Mount server associated with the backup repository (only when restoring from Enterprise Manager)

    Target Server, Staging Server

    TCP, UDP

    135, 445

    Ports used to deploy the runtime coordination process on a target guest OS.

    TCP

    49152 to 65535
    (for Microsoft Windows 2008 and newer)

    Dynamic RPC range used by the runtime coordination process that is deployed on a target guest OS.1

    For more information, see this Microsoft article.

    TCP

    6160

    Port used to communicate with the installer service.

    TCP

    1433, 1434

    Ports used to communicate with the Microsoft SQL Server installed on a VM during application-item restore.

    For more information, see this Microsoft article.

    UDP

    1434

    Port used by the Microsoft SQL Server Browser service.

    For more information, see this Microsoft article.

    TCP

    1025 to 1034

    Default RPC range for the runtime component installed on a target or staging SQL Server VM to support restore.

    This port range is opened only during application item restore.

    Target Server, Staging Server

    Mount server associated with the backup repository

    TCP

    3260 to 3270

    Port range opened by Veeam Backup & Replication to manage iSCSI traffic during restore to the target VM.

    This port range is opened only during application item restore.

    For more information, see Mount Operations.

    1 If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the RPC function call failed error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.