Before You Begin
Before you add a Linux server to the Veeam Backup & Replication infrastructure, check the required permissions and the following prerequisites.
When you add a Linux server to the backup infrastructure, Veeam Backup & Replication automatically opens ports used by the Veeam Data Mover on the Linux server. Generally, Veeam Backup & Replication automatically open ports for most of popular firewalls (iptables, ufw, firewall-cmd). However, if for some reason the ports are not opened, you can open the ports manually. You can also specify these ports at the SSH Connection step of the New Linux Server wizard. Note that ports are opened dynamically: if 10 concurrent jobs are running, Veeam Backup & Replication opens ports 2500-2509.
If you use the firewalld tool, you can configure firewall rules to open ports only in necessary zones. By default, Veeam Backup & Replication opens ports in all active firewalld zones. If your firewall is configured for different zones, and you want to minimize security holes, you can configure Veeam Backup & Replication to open the ports only for certain zones. To do this, perform the following:
- On the helper host or target Linux host, create the /etc/VeeamNetConfig file and define the following parameter:
where zone_name_1, zone_name_2 is a list of zone names where the ports must be open. Veeam Backup & Replication will skip the zones that are not in this list.
- [Only for helper host] If you select a Linux host that is already added to the Veeam Backup & Replication infrastructure, you should also add required zones to the /opt/veeam/transport/VeeamTransportConfig file.
Veeam Backup & Replication opens the port 2500 in all zones even if you have specified the required zones in configuration files.
Since Veeam Backup & Replication version 12, Linux servers use the TLS connection. You can disable the TLS connection with a registry value for the servers that do not support the TLS connection. For more information, contact Veeam Customer Support.