Veeam Backup & Replication 9.5
User Guide for Microsoft Hyper-V

Used Ports

This section covers typical connection settings for the backup infrastructure components.

Note:

During installation, Veeam Backup & Replication automatically creates firewall rules for default ports to allow communication for the application components.

Backup Server Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with backup infrastructure components. 

Virtualization Servers

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | SCVMM | WCF | 8100 | Default VMM Administrator Console to VMM server port required by the Veeam Backup Management. |
| Backup server | Microsoft Hyper-V server | TCP, UDP | 135, 137 to 139, 445 | Ports required for deploying Veeam Backup & Replication components. |
| Backup server | Microsoft Hyper-V server | TCP | 6160 | Default port used by the Veeam Installer Service. |
| Backup server | Microsoft Hyper-V server | TCP | 6162 | Default port used by the Veeam Data Mover Service. |
| Backup server | Microsoft Hyper-V server | TCP | 6163 | Default port used to communicate with Veeam Hyper-V Integration Service. |
| Backup server | Microsoft Hyper-V server | TCP | 2500 to 5000 | Default range of ports used as transmission channels for jobs. For every TCP connection that a job uses, one port from this range is assigned. |
| Backup server | Microsoft Hyper-V server | TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. |

Other Servers

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Microsoft SQL Server hosting the Veeam Backup & Replication configuration database | TCP | 1433 | Port used for communication with Microsoft SQL Server on which the Veeam Backup & Replication configuration database is deployed (if you use a Microsoft SQL Server default instance). Additional ports may need to be open depending on your configuration. For more information, see https://msdn.microsoft.com/en-us/library/cc646023(v=sql.120).aspx#BKMK_ssde. |
| Backup server | DNS server with forward/reverse name resolution of all backup servers | UDP | 53 | Port used for communication with the DNS Server. |
| Backup server | Veeam Update Notification Server (dev.veeam.com) | TCP | 80 | Default port used to download information about available updates from the Veeam Update Notification Server over the Internet. |
| Backup server | Veeam License Update Server (autolk.veeam.com) | TCP | 443 | Default port used for license auto-update. |

Backup Server

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Backup server | TCP | 9501 | Port used locally on the backup server for communication between Veeam Broker Service and Veeam services and components. |

Remote Access

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Management client PC (remote access) | Backup server | TCP | 3389 | Default port used by the Remote Desktop Services. If you use third-party solutions to connect to the backup server, other ports may need to be open. |
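
The following added example (not part of the Veeam documentation) checks an export of inbound allow rules on a Microsoft Hyper-V server against the backup server to Microsoft Hyper-V server rows of the table above. It reports required ports that the backup server cannot reach and rules that open those ports to more than a single source address. The rule format, rule names and IP addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Backup server -> Microsoft Hyper-V server rows of the table above,
# as (protocol, first port, last port).
REQUIRED = [
    ("tcp", 135, 135), ("tcp", 137, 139), ("tcp", 445, 445),
    ("udp", 135, 135), ("udp", 137, 139), ("udp", 445, 445),
    ("tcp", 6160, 6160), ("tcp", 6162, 6162), ("tcp", 6163, 6163),
    ("tcp", 2500, 5000), ("tcp", 49152, 65535),
]

# Constructed sample: inbound allow rules on one Hyper-V host
# (hypothetical export format, not a Veeam or Windows format).
SAMPLE_RULES = [
    {"name": "veeam-deploy-tcp", "proto": "tcp", "ports": (135, 139), "source": "10.0.5.10/32"},
    {"name": "smb-any", "proto": "tcp", "ports": (445, 445), "source": "0.0.0.0/0"},
    {"name": "veeam-services", "proto": "tcp", "ports": (6160, 6163), "source": "10.0.5.10/32"},
    {"name": "veeam-data", "proto": "tcp", "ports": (2500, 3300), "source": "10.0.5.0/24"},
    {"name": "rpc-dynamic", "proto": "tcp", "ports": (49152, 65535), "source": "10.0.5.10/32"},
]

def gaps(lo, hi, allowed):
    """Return the sub-ranges of lo..hi not covered by the (first, last) pairs in allowed."""
    out, cur = [], lo
    for a, b in sorted(allowed):
        if b < cur:
            continue
        if a > hi:
            break
        if a > cur:
            out.append((cur, a - 1))
        cur = max(cur, b + 1)
        if cur > hi:
            break
    if cur <= hi:
        out.append((cur, hi))
    return out

def audit(rules, backup_server):
    """Return (missing, overbroad): port ranges the backup server cannot reach,
    and names of rules that open a required port to more than one source address."""
    src = ip_address(backup_server)
    missing, overbroad = [], set()
    for proto, lo, hi in REQUIRED:
        allowed = []
        for r in rules:
            r_lo, r_hi = r["ports"]
            if r["proto"] != proto or r_hi < lo or r_lo > hi:
                continue  # rule does not touch this required range
            net = ip_network(r["source"])
            if src in net:
                allowed.append((r_lo, r_hi))
            if net.num_addresses > 1:
                overbroad.add(r["name"])  # flag for review, not necessarily wrong
        missing += [(proto, a, b) for a, b in gaps(lo, hi, allowed)]
    return missing, sorted(overbroad)

if __name__ == "__main__":
    missing, overbroad = audit(SAMPLE_RULES, "10.0.5.10")
    for proto, lo, hi in missing:
        print(f"not reachable from backup server: {proto} {lo}-{hi}")
    for name in overbroad:
        print(f"source wider than a single host: {name}")
```

A rule flagged as overbroad may still be legitimate when other components listed in this section, such as backup proxies or repositories, use the same port range; the flag marks it for review.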

 

Veeam Backup & Replication Console Connections

The following table describes network ports that must be opened to ensure proper communication with the Veeam Backup & Replication console installed remotely.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Veeam Backup & Replication Console | Backup server | TCP | 9392 | Port used by the Veeam Backup & Replication console to connect to the backup server. |
| Veeam Backup & Replication Console | Mount server (if the mount server is not located on the console) | TCP | 2500 to 5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |

Microsoft Windows Servers Connections

The following table describes network ports that must be opened to ensure proper communication with Microsoft Windows servers managed by Veeam Backup & Replication.

These ports must be opened for every Microsoft Windows server that you add to Veeam Backup & Replication. If you want to use the server as a backup component, for example, a backup proxy, you must additionally open ports required by the component role. See the ports required for each component role respectively. 

From

To

Protocol

Port

Notes

Backup server

Microsoft Windows server

TCP
UDP

135, 137 to 139, 445

Ports required for deploying Veeam Backup & Replication components.

Hyper-V server/Off-host backup proxy

TCP

6160

Default port used by the Veeam Installer Service.

Backup repository

TCP

2500 to 5000

Default range of ports used as data transmission channels and for collecting log files.

For every TCP connection that a job uses, one port from this range is assigned.

Gateway server

TCP

6162

Default port used by the Veeam Data Mover Service.

Mount server

TCP

49152-65535
(for Microsoft Windows 2008 and newer)

Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us.

WAN accelerator

Tape server

Backup server

SMB3 server

TCP

6160

Default port used by the Veeam Installer Service.

TCP

6162

Default port used by the Veeam Data Mover Service.

 

Linux Servers Connections

The following table describes network ports that must be opened to ensure proper communication with Linux servers managed by Veeam Backup & Replication.

These ports must be opened for every Linux server that you add to Veeam Backup & Replication. If you want to use the server as a backup component, for example, a backup repository, you must additionally open ports required by the component role. See the ports required for each component role respectively.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Linux server | TCP | 22 | Port used as a control channel from the console to the target Linux host. |
| Backup server | Linux server | TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
| Linux server | Backup server | TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |

Backup Proxy Connections

The following table describes network ports that must be opened to ensure proper communication of backup proxies with other backup components. 

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Off-host backup proxy | | | See Microsoft Windows Connections. |

Communication with Backup Server

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Off-host backup proxy | TCP | 6163 | Default port used by the Hyper-V Integration Service. |
| Backup server | SMB3 server | TCP | 6163 | Default port used by the Hyper-V Integration Service. |

Communication with Backup Repositories

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Hyper-V server/ Off-host backup proxy | Linux server | TCP | 22 | Port used as a control channel from the backup proxy to the target Linux host. |
| Hyper-V server/ Off-host backup proxy | Microsoft Windows server | TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. |
| Hyper-V server/ Off-host backup proxy | Shared folder CIFS (SMB) share | TCP, UDP | 135, 137 to 139, 445 | Ports used as a transmission channel from the backup proxy to the target CIFS (SMB) share. |
| Hyper-V server/ Off-host backup proxy | Gateway server | TCP, UDP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. |

Communication with Backup Proxies

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Hyper-V server | Backup proxy (onhost or offhost) | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
| Microsoft SMB3 server | Backup proxy (onhost or offhost) | TCP | 2500 to 5000 | Ports used to retrieve CBT information from a Microsoft SMB3 server managing shares that host VM disks. |

Backup Repository Connections

The following table describes network ports that must be opened to ensure proper communication with backup repositories.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Hyper-V server/ Off-host backup proxy | Microsoft Windows server performing the role of the backup repository | | | See Microsoft Windows Server Connections. |
| Hyper-V server/ Off-host backup proxy | Linux server performing the role of the backup repository | | | See Linux Servers Connections. |
| Backup repository | Backup proxy | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
| Source backup repository | Target backup repository | TCP | 2500 to 5000 | Default range of ports used as transmission channels for backup copy jobs. For every TCP connection that a job uses, one port from this range is assigned. Ports 2500 to 5000 are used for backup copy jobs that do not utilize WAN accelerators. If the backup copy job utilizes WAN accelerators, make sure that ports specific for WAN accelerators are open. |
| Microsoft Windows Server running vPower NFS service | Backup repository gateway server working with backup repository | TCP | 2500 to 5000 | Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery. For every TCP connection that a job uses, one port from this range is assigned. |

Dell EMC Data Domain System Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server or Gateway server | Dell EMC Data Domain | TCP | 111 | Port used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned. |
| Backup server or Gateway server | Dell EMC Data Domain | TCP | 2049 | Main port used by NFS. Can be modified via the 'nfs set server-port' command. Command requires SE mode. |
| Backup server or Gateway server | Dell EMC Data Domain | TCP | 2052 | Main port used by NFS MOUNTD. Can be modified via the 'nfs set mountd-port' command in SE mode. |
| Backup server | Gateway server | | | See Gateway Server Connections. |

For more information, see https://community.emc.com/docs/DOC-33258.

HPE StoreOnce Connection

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server or Gateway server | HPE StoreOnce | TCP | 9387 | Default command port used for communication with HPE StoreOnce. |
| Backup server or Gateway server | HPE StoreOnce | TCP | 9388 | Default data port used for communication with HPE StoreOnce. |
| Backup server | Gateway server | | | See Gateway Server Connections. |

Gateway Server Connections

The following table describes network ports that must be opened to ensure proper communication with gateway servers.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Gateway server | | | See Microsoft Windows Server Connections. |
| Backup server | Gateway server | TCP, UDP | 135, 137 to 139, 445 | Ports required for deploying Veeam Backup & Replication components. |
| Gateway server (if a gateway server is specified explicitly in CIFS (SMB) backup repository settings) | Shared folder CIFS (SMB) share | TCP, UDP | 135, 137 to 139, 445 | Ports used as a transmission channel from a gateway server to the target CIFS (SMB) share. |

Mount Server Connections

The following table describes network ports that must be opened to ensure proper communication with mount servers.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Mount server | | | See Microsoft Windows Server Connections. |
| Backup server | Mount server | TCP | 6170 | Port used for communication with a local or remote Mount Service. |
| Mount server (or machine running the Veeam Backup & Replication console) | Backup server | TCP | 9401 | Port used for communication with the Veeam Backup Service. |
| Mount server (or machine running the Veeam Backup & Replication console) | Backup repository | TCP | 2500 to 5000 | Default range of ports used for communication with a backup repository. |
| Mount server | Helper appliance | TCP | 22 | Default SSH port used as a control channel. |
| Mount server | Helper appliance | TCP | 2500 to 2600 | Default range of ports used for communicating with the appliance. |
| Mount server | VM guest OS | | | See VM Guest OS Connections. |

Proxy Appliance (Multi-OS FLR) Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Helper appliance | TCP | 22 | Port used as a communication channel from the backup server to the proxy appliance in the multi-OS file-level recovery process. |
| Backup server | Helper appliance | TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
| Backup server | VM guest OS | TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
| Helper appliance | VM guest OS | TCP | 22 | Port used as a communication channel from the proxy appliance to the Linux guest OS during multi-OS file-level recovery process. |
| Helper appliance | VM guest OS | TCP | 20 | [If FTP option is used] Default port used for data transfer. |
| Helper appliance | VM guest OS | TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
| VM guest OS | Helper appliance | TCP | 22 | Port used as a communication channel from the proxy appliance to Linux guest OS during multi-OS file-level recovery process. |
| VM guest OS | Helper appliance | TCP | 21 | [If FTP option is used] Default port used for protocol control messages. |
| Helper appliance | Backup repository | TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |

WAN Accelerator Connections

The following table describes network ports that must be opened to ensure proper communication between WAN accelerators used in backup copy jobs.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | WAN accelerator (source and target) | | | See Microsoft Windows Server Connections. |
| Backup server | WAN accelerator (source and target) | TCP | 6160 | Default port used by the Veeam Installer Service. |
| Backup server | WAN accelerator (source and target) | TCP | 6162 | Default port used by the Veeam Data Mover Service. |
| Backup server | WAN accelerator (source and target) | TCP | 6164 | Controlling port for RPC calls. |
| WAN accelerator (source and target) | Backup repository (source and target) | TCP | 2500 to 5000 | Default range of ports used by the Veeam Data Mover Service for transferring files of a small size such as GuestIndexData.zip and others. A port from the range is selected dynamically. |
| WAN accelerator | WAN accelerator | TCP | 6164 | Controlling port for RPC calls. |
| WAN accelerator | WAN accelerator | TCP | 6165 | Default port used for data transfer between WAN accelerators. Ensure this port is open in firewall between sites where WAN accelerators are deployed. |

Tape Server Connections

The following table describes network ports that must be opened to ensure proper communication with tape servers.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Tape server | | | See Microsoft Windows Server Connections. |
| Backup server | Tape server | TCP | 6166 | Controlling port for RPC calls. |
| Tape server | Backup repository, gateway server or proxy server | | | See Microsoft Windows Server Connections. |

VM Guest OS Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with the runtime coordination process deployed inside the VM guest OS for application-aware processing and indexing.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Linux VM guest OS | TCP | 22 | Default SSH port used as a control channel. |
| Backup server | Guest interaction proxy | TCP | 6190 | Port used for communication with the guest interaction proxy. |
| Backup server | Guest interaction proxy | TCP | 6290 | Port used as a control channel for communication with the guest interaction proxy. |
| Guest interaction proxy | ESX(i) server | TCP | 443 | Default port used for connections to ESX(i) host. [For VMware vSphere earlier than 6.5] Not required if vCenter connection is used. In VMware vSphere versions 6.5 and later, port 443 is required by VMware web services. |
| Guest interaction proxy or Mount server | Microsoft Windows VM guest OS | TCP, UDP | 135, 137-139, 445 | Ports required to deploy the runtime coordination process on the VM guest OS. |
| Guest interaction proxy or Mount server | Microsoft Windows VM guest OS | TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range used by the runtime process deployed inside the VM for guest OS interaction. For more information, see http://support.microsoft.com/kb/929851/en-us. |
| Guest interaction proxy or Mount server | Microsoft Windows VM guest OS | TCP | 6167 | [For Microsoft SQL logs shipping] Port used by the runtime process on the VM guest OS from which Microsoft SQL logs are collected. |
| Guest interaction proxy or Mount server | Linux VM guest OS | TCP | 22 | Default SSH port used as a control channel. |
| Guest interaction proxy or Mount server | Linux VM guest OS | TCP | 2500 to 5000 | Default range of ports used as transmission channels during Linux file-level recovery and for Oracle log backup. For every TCP connection that a job uses, one port from this range is assigned. |
| Microsoft Windows VM guest OS | Guest interaction proxy or mount server | TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range used by the runtime process deployed inside the VM for guest OS interaction. For more information, see http://support.microsoft.com/kb/929851/en-us. |

Note: Microsoft Exchange expands a standard Windows dynamic RPC port range. For more information, see https://helpcenter.veeam.com/docs/backup/explorers/vee_ports.html?ver=95.

* If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the “RPC function call failed” error, you need to configure dynamic RPC ports.

Veeam U-AIR Wizards Connections

The following table describes network ports that must be opened to ensure proper communication of U-AIR wizards with other components.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| U-AIR wizards | Veeam Backup Enterprise Manager | TCP | 9394 | Default port used for communication with Veeam Backup Enterprise Manager. Can be customized during Veeam Backup Enterprise Manager installation. |

Azure Proxy Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Azure proxy | TCP | 6181 | Default management and data transport port required for communication with the Azure proxy. The port must be opened on the backup server and backup repository storing VM backups. |

Microsoft Active Directory Domain Controller Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the backup server with the Microsoft Active Directory VM during application-item restore.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Microsoft Active Directory VM guest OS | TCP | 135 | Port required for communication between the domain controller and backup server. |
| Backup server | Microsoft Active Directory VM guest OS | TCP, UDP | 389 | LDAP connections. |
| Backup server | Microsoft Active Directory VM guest OS | TCP | 636, 3268, 3269 | LDAP connections. |
| Backup server | Microsoft Active Directory VM guest OS | TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range used by the runtime coordination process deployed inside the VM guest OS for application-aware processing*. For more information, see http://support.microsoft.com/kb/929851/en-us. |

Microsoft Exchange Server Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the Veeam backup server with the Microsoft Exchange Server system during application-item restore.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Microsoft Exchange 2003/2007 CAS Server | TCP | 80, 443 | WebDAV connections |
| Backup server | Microsoft Exchange 2010/2013 CAS Server | TCP | 443 | Microsoft Exchange Web Services Connections |

Microsoft SQL Server Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the backup server with the VM guest OS system during application-item restore.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Microsoft SQL VM guest OS | TCP | 1433, 1434 and other | Port used for communication with the Microsoft SQL Server installed inside the VM. Port numbers depend on the configuration of your Microsoft SQL server. For more information, see http://msdn.microsoft.com/en-us/library/cc646023.aspx#BKMK_ssde. |

SMTP Server Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with the SMTP server.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | SMTP server | TCP | 25 | Port used by the SMTP server. Port 25 is most commonly used but the actual port number depends on configuration of your environment. |

Veeam Backup Enterprise Manager Connections

Veeam Explorers Connections

Veeam Cloud Connect Connections

Veeam Agent for Windows Connections

Veeam Agent for Linux Connections