Used Ports
The following tables list network ports that must be opened to manage inbound/outbound traffic.
Backup
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Veeam Backup Server / Guest Interaction Proxy (Enterprise and Enterprise Plus editions) | Microsoft SQL Server VM Guest OS | TCP, UDP | 135, 137 to 139, 445 | Ports used to deploy the runtime coordination process on a VM guest OS. |
TCP | 49152 to 65535 | Dynamic RPC range that is used by the runtime coordination process which is deployed on a VM guest OS for application-aware processing.1 | ||
TCP | 6167 | For Microsoft SQL Server transaction logs shipping Port used by the runtime process on a VM guest OS from which transaction logs are collected. | ||
Microsoft SQL Server VM Guest OS | Veeam Backup Server / Guest Interaction Proxy (Enterprise and Enterprise Plus editions) | TCP | 49152 to 65535 | Dynamic RPC range used by the runtime coordination process that is deployed on a VM guest OS for application-aware processing.1 For more information, see this Microsoft article. |
Log Shipping Server / Backup Repository | TCP | 2500 to 3300 | For Microsoft SQL Server transaction logs shipping Default range of ports used by the Veeam Data Mover Service for data transfer over the network. Log shipping server is used in case the direct connection to the backup repository is not possible. For more information, see Log Shipping Servers. |
1 If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the RPC function call failed error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.
Restore
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Veeam Backup Server / Standalone Console / Mount server associated with the backup repository (only when restoring from Enterprise Manager) | Target Server, Staging Server | TCP, UDP | 135, 445 | Ports used to deploy the runtime coordination process on a target guest OS. |
TCP | 49152 to 65535 | Dynamic RPC range used by the runtime coordination process that is deployed on a target guest OS.1 For more information, see this Microsoft article. | ||
TCP | 6160 | Port used to communicate with the installer service. | ||
TCP | 1433, 1434 | Ports used to communicate with the Microsoft SQL Server installed on a VM during application-item restore. For more information, see this Microsoft article. | ||
UDP | 1434 | Port used by the Microsoft SQL Server Browser service. For more information, see this Microsoft article. | ||
TCP | 1025 to 1034 | Default RPC range for the runtime component installed on a target or staging SQL Server VM to support restore. This port range is opened only during application item restore. Note: You must manually open these ports for Veeam.SQL.Service.exe in Microsoft Windows Firewall. | ||
Target Server, Staging Server | Mount server associated with the backup repository | TCP | 3260 to 3270 | Port range opened by Veeam Backup & Replication to manage iSCSI traffic during restore to the target VM. This port range is opened only during application item restore. For more information, see Mount Operations. |
1 If you use default Microsoft Windows Firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the RPC function call failed error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.