Help Center
Choose product document...
Veeam Backup & Replication 9.5
User Guide for Microsoft Hyper-V

Used Ports

This section covers typical connection settings for the backup infrastructure components.

Used Ports Note:

During installation, Veeam Backup & Replication automatically creates firewall rules for default ports to allow communication for the application components.

In This Section

Backup Server Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with other infrastructure components. 

From

To

Protocol

Port

Notes

Backup server

SCVMM

WCF

8100

Default VMM Administrator Console to VMM server port required by the Veeam Backup Management.

Microsoft Hyper-V server

TCP
UDP

135, 137 to 139, 445

Ports required for deploying Veeam Backup & Replication components.

TCP

6160

Default port used by the Veeam Installer Service.

TCP

6162

Default port used by the Veeam Data Mover Service.

TCP

6163

Default port used to communicate with Veeam Hyper-V Integration Service.

TCP

2500 to 5000

Default range of ports used as transmission channels for jobs. For every TCP connection that a job uses, one port from this range is assigned.

TCP

49152-65535 (for Microsoft Windows 2008 and newer)

Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us.

Linux server

TCP

22

Default SSH port used as a control channel from the console to the target Linux server.

Microsoft Windows server

TCP
UDP

135, 137 to 139, 445

Ports required for deploying Veeam Backup & Replication components.

TCP

6160

Default port used by the Veeam Installer Service.

TCP

6162

Default port used by the Veeam Data Mover Service.

TCP

49152-65535
(for Microsoft Windows 2008 and newer)

Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us.

SMB3 server

TCP

6160

Default port used by the Veeam Installer Service.

TCP

6162

Default port used by the Veeam Data Mover Service.

Proxy appliance (multi-OS FLR)

SSH

22

Port used as a communication channel from the console to the proxy appliance in the multi-OS file-level recovery process.

Gateway server

TCP, UDP

135, 137 to 139, 445

Ports required for deploying Veeam Backup & Replication components.

Mount server

TCP

9401

Port used for communication with the mount server.

Microsoft SQL Server hosting Veeam Backup & Replication configuration database

TCP

1433

Port used for communication with Microsoft SQL Server on which Veeam Backup & Replication configuration database is deployed (if you use a Microsoft SQL Server default instance).

Additional ports may need to be open depending on your configuration. For more information, see https://msdn.microsoft.com/en-us/library/cc646023(v=sql.120).aspx#BKMK_ssde.

DNS server with forward/reverse name resolution of all backup servers

UDP

53

Port used for communication with the DNS Server.

Veeam Update Notification Server

TCP

80

Default port used to download information about available updates from the Veeam Update Notification Server over the Internet.

Veeam License Update Server

TCP

443

Default port used for license auto-update.

Veeam Backup & Replication Console

Backup server

TCP

9392

Port used by the Veeam Backup & Replication console to connect to the backup server.

Linux server

Backup server

TCP

2500 to 5000

Default range of ports used as transmission channels for jobs writing to Linux target. For every TCP connection that a job uses, one port from this range is assigned.

Microsoft Windows/Linux server

Backup server

TCP

2500 to 5000

Default range of ports used as transmission channels for jobs writing to Microsoft Windows target. For every TCP connection that a job uses, one port from this range is assigned.

Management client PC (remote access)

Backup server

TCP

3389

Default port used by the Remote Desktop Services. If you use third-party solutions to connect to the backup server, other ports may need to be open.

 

Backup Proxy Connections

The following table describes network ports that must be opened to ensure proper communication of backup proxies with other infrastructure components. 

From

To

Protocol

Port

Notes

Communication with Backup Server

Backup server

Off-Host backup proxy

TCP

6163

Default port used by the Hyper-V Integration Service.

SMB3 server

TCP

6163

Default port used by the Hyper-V Integration Service.

Communication with Backup Repositories

Hyper-V server/ Off-host backup proxy

Linux server

TCP

22

Port used as a control channel from the backup proxy to the target Linux host.

Microsoft Windows server

TCP

49152-65535 
(for Microsoft Windows 2008 and newer)

Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us.

Shared folder CIFS (SMB) share

TCP
UDP

135, 137 to 139, 445

Ports used as a transmission channel from the backup proxy to the target CIFS (SMB) share.

Gateway server

TCP
UDP

49152-65535 
(for Microsoft Windows 2008 and newer)

Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us.

Communication with Backup Proxies

Hyper-V server

Backup proxy (onhost or offhost)

TCP

2500 to 5000

Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned.

Microsoft SMB3 server

Backup proxy (onhost or offhost)

TCP

2500 to 5000

Ports used to retrieve CBT information from a Microsoft SMB3 server managing shares that host VM disks.

 

Backup Repository Connections

From

To

Protocol

Port

Notes

Hyper-V server/ Off-host backup proxy

Linux Server performing the role of the backup repository

TCP

2500 to 5000

Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned.

Microsoft Windows Server performing the role of the backup repository

Backup repository

Backup proxy

TCP

2500 to 5000

Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned.

Source backup repository

Target backup repository

TCP

2500 to 5000

Default range of ports used as transmission channels for backup copy jobs. For every TCP connection that a job uses, one port from this range is assigned.
Ports 2500 to 5000 are used for backup copy jobs that do not utilize WAN accelerators. If the backup copy job utilizes WAN accelerators, make sure that ports specific for WAN accelerators are open.

Microsoft Windows Server Running vPower NFS Service Connections

Backup repository gateway server working with backup repository

 

TCP

2500 to 5000

Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery.

For every TCP connection that a job uses, one port from this range is assigned.

Dell EMC Data Domain System Connections

From

To

Protocol

Port

Notes

Backup server or gateway server

Dell EMC Data Domain

TCP

111

Port used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned.

TCP

2049

Main port used by NFS. Can be modified via the ‘nfs set server-port’ command. Command requires SE mode.

TCP

2052

Main port used by NFS MOUNTD. Can be modified via the 'nfs set mountd-port' command in SE mode.

Backup server

Gateway server

See Backup Server Connections.

For more information, see https://community.emc.com/docs/DOC-33258.

HPE StoreOnce Connection

From

To

Protocol

Port

Notes

Backup server or gateway server

HPE StoreOnce

TCP

9387

Default command port used for communication with HPE StoreOnce.

9388

Default data port used for communication with HPE StoreOnce.

Backup server

Gateway server

See Backup Server Connections.

Mount Server Connections

From

To

Protocol

Port

Notes

Mount server
(or machine running the Veeam Backup & Replication console)

Backup server

TCP

9401

Port used for communication with the Veeam Backup Service.

Backup server

Mount server

TCP

6170

Port used for communication with a local or remote Mount Service.

Mount server
(or machine running the Veeam Backup & Replication console)

Backup repository

TCP

2500 to 5000

Default range of ports used for communication with a backup repository.

Proxy Appliance (Multi-OS FLR) Connections

From

To

Protocol

Port

Notes

Backup server

Proxy appliance

TCP

22

Port used as a communication channel from the backup server to the proxy appliance in the multi-OS file-level recovery process.

TCP

2500-5000

Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

VM guest OS

TCP

2500-5000

Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

Proxy appliance

VM guest OS

TCP

22

Port used as a communication channel from the proxy appliance to the Linux guest OS during multi-OS file-level recovery process.

TCP

20

[If FTP option is used] Default port used for data transfer.

TCP

2500-5000

Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned.

VM guest OS

Proxy appliance

TCP

22

Port used as a communication channel from the proxy appliance to Linux guest OS during multi-OS file-level recovery process.

TCP

21

[If FTP option is used} Default port used for protocol control messages.

 

WAN Accelerator Connections

The following table describes network ports that must be opened to ensure proper communication between WAN accelerators used in backup copy jobs.

From

To

Protocol

Port

Notes

Communication with Backup Server

Backup server

WAN accelerator
(source and target)

TCP

6160

Default port used by the Veeam Installer Service.

TCP

6162

Default port used by the Veeam Data Mover Service.

TCP

6164

Controlling port for RPC calls.

Communication with Backup Repositories

WAN accelerator
(source and target)

Backup repository
(source and target)

TCP

2500 to 5000

Default range of ports used by the Veeam Data Mover Service for transferring files of a small size such as GuestIndexData.zip and others. A port from the range is selected dynamically.

Communication Between WAN Accelerators

WAN accelerator

WAN accelerator

TCP

6164

Controlling port for RPC calls.

TCP

6165

Default port used for data transfer between WAN accelerators. Ensure this port is open in firewall between sites where WAN accelerators are deployed.

Tape Server Connections

From

To

Protocol

Port

Notes

Backup server

Tape server

TCP

6166

Controlling port for RPC calls.

 

VM Guest OS Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with the runtime coordination process deployed inside the VM guest OS for application-aware processing and indexing.

From

To

Protocol

Port

Notes

Backup server

Linux VM guest OS

TCP

22

Default SSH port used as a control channel.

Guest interaction proxy

TCP

6190

Port used for communication with the guest interaction proxy.

TCP

6290

Port used as a control channel for communication with the guest interaction proxy.

Guest interaction proxy

Microsoft Windows VM guest OS

TCP, UDP

135, 137-139, 445

Ports required to deploy the runtime coordination process on the VM guest OS.

TCP

49152-65535 (for Microsoft Windows 2008 and newer)

Dynamic RPC port range used by the runtime process deployed inside the VM for guest OS interaction.

For more information, see http://support.microsoft.com/kb/929851/en-us.

TCP

6167

[For Microsoft SQL logs shipping] Port used by the runtime process on the VM guest OS from which Microsoft SQL logs are collected.

Microsoft Windows VM guest OS

Guest interaction proxy

TCP

 

49152-65535 (for Microsoft Windows 2008 and newer)

Dynamic RPC port range used by the runtime process deployed inside the VM for guest OS interaction .

For more information, see http://support.microsoft.com/kb/929851/en-us.

Note: Microsoft Exchange expands a standard Windows dynamic RPC port range. For more information, see https://helpcenter.veeam.com/docs/backup/explorers/vee_ports.html?ver=95.

* If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the “RPC function call failed” error, you need to configure dynamic RPC ports.

Veeam U-AIR Wizards Connections

The following table describes network ports that must be opened to ensure proper communication of U-AIR wizards with other components.

From

To

Protocol

Port

Notes

U-AIR wizards

Veeam Backup Enterprise Manager

TCP

9394

Default port used for communication with Veeam Backup Enterprise Manager. Can be customized during Veeam Backup Enterprise Manager installation.

Azure Proxy Connections

From

To

Protocol

Port

Notes

Backup server

Azure proxy

TCP

6181

Default management and data transport port required for communication with the Azure proxy. The port must be opened on the backup server and backup repository storing VM backups.

Microsoft Active Directory Domain Controller Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the backup server with the Microsoft Active Directory VM during application-item restore.

From

To

Protocol

Port

Notes

Backup server

Microsoft
Active Directory VM guest OS

TCP

135

Port required for communication between the domain controller and backup server.

TCP,
UDP

389

LDAP connections.

TCP

636, 3268, 3269

LDAP connections.

TCP

49152-65535 (for Microsoft Windows 2008 and newer)

Dynamic RPC port range used by the runtime coordination process deployed inside the VM guest OS for application-aware processing* For more information, see http://support.microsoft.com/kb/929851/en-us.

Microsoft Exchange Server Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the Veeam backup server with the Microsoft Exchange Server system during application-item restore.

From

To

Protocol

Port

Notes

Backup server

Microsoft Exchange 2003/2007 CAS Server

TCP

80, 443

WebDAV connections

Microsoft Exchange 2010/2013 CAS Server

TCP

443

Microsoft Exchange Web Services Connections

 

Microsoft SQL Server Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the backup server with the VM guest OS system during application-item restore.

From

To

Protocol

Port

Notes

Backup server

Microsoft
SQL VM guest OS

TCP

1433,1434 and other

Port used for communication with the Microsoft SQL Server installed inside the VM.

Port numbers depends on configuration of your Microsoft SQL server. For more information, see http://msdn.microsoft.com/en-us/library/cc646023.aspx#BKMK_ssde.

SMTP Server Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with the SMTP server.

From

To

Protocol

Port

Notes

Backup server

SMTP server

TCP

25

Port used by the SMTP server.

Port 25 is most commonly used but the actual port number depends on configuration of your environment.

Veeam Backup Enterprise Manager Connections

Veeam Backup Enterprise Manager

 

Veeam Explorers Connections

Veeam Agent for Windows Connections

Veeam Agent for Windows

Veeam Agent for Linux Connections

Veeam Agent for Linux

Veeam Large Logo

User Guide for VMware vSphere

User Guide for Microsoft Hyper-V

Enterprise Manager User Guide

Veeam Cloud Connect Guide

Veeam Backup Explorers User Guide

PowerShell Reference

RESTful API Reference

Veeam Backup FREE Edition User Guide

Veeam Backup for Microsoft Office 365

Veeam ONE Documentation

Veeam Agent for Windows Documentation

Veeam Agent for Linux Documentation

Veeam Management Pack Documentation