Used Ports
This section covers typical connection settings for the backup infrastructure components.
Note: |
During installation, Veeam Backup & Replication automatically creates firewall rules for default ports to allow communication for the application components. |
In This Section
- Backup Server Connections
- Backup Proxy Connections
- Backup Repository Connections
- EMC Data Domain System Connections
- HPE StoreOnce Connections
- Mount Server Connections
- Proxy Appliance (Multi-OS FLR) Connections
- WAN Accelerator Connections
- Tape Server Connections
- VM Guest OS Connections
- Veeam U-AIR Wizards Connections
- Microsoft Azure Proxy Connections
- Microsoft Active Directory Domain Controller Connections During Application Item Restore
- Microsoft Exchange Server Connections During Application Item Restore
- Microsoft SQL Server Connections During Application Item Restore
- SMTP Server Connections
- Veeam Backup Enterprise Manager Connections
- Veeam Explorers
- Veeam Agent for Windows
- Veeam Agent for Linux
The following table describes network ports that must be opened to ensure proper communication of the backup server with other infrastructure components.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Backup server | SCVMM | WCF | 8100 | Default VMM Administrator Console to VMM server port required by the Veeam Backup Management. |
Microsoft Hyper-V server | TCP | 135, 137 to 139, 445 | Ports required for deploying Veeam Backup & Replication components. | |
TCP | 6160 | Default port used by the Veeam Installer Service. | ||
TCP | 6162 | Default port used by the Veeam Data Mover Service. | ||
TCP | 6163 | Default port used to communicate with Veeam Hyper-V Integration Service. | ||
TCP | 2500 to 5000 | Default range of ports used as transmission channels for jobs. For every TCP connection that a job uses, one port from this range is assigned. | ||
TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. | ||
Linux server | TCP | 22 | Default SSH port used as a control channel from the console to the target Linux server. | |
Microsoft Windows server | TCP | 135, 137 to 139, 445 | Ports required for deploying Veeam Backup & Replication components. | |
TCP | 6160 | Default port used by the Veeam Installer Service. | ||
TCP | 6162 | Default port used by the Veeam Data Mover Service. | ||
TCP | 49152-65535 | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. | ||
SMB3 server | TCP | 6160 | Default port used by the Veeam Installer Service. | |
TCP | 6162 | Default port used by the Veeam Data Mover Service. | ||
Proxy appliance (multi-OS FLR) | SSH | 22 | Port used as a communication channel from the console to the proxy appliance in the multi-OS file-level recovery process. | |
Gateway server | TCP, UDP | 135, 137 to 139, 445 | Ports required for deploying Veeam Backup & Replication components. | |
Mount server | TCP | 9401 | Port used for communication with the mount server. | |
Microsoft SQL Server hosting Veeam Backup & Replication configuration database | TCP | 1433 | Port used for communication with Microsoft SQL Server on which Veeam Backup & Replication configuration database is deployed (if you use a Microsoft SQL Server default instance). Additional ports may need to be open depending on your configuration. For more information, see https://msdn.microsoft.com/en-us/library/cc646023(v=sql.120).aspx#BKMK_ssde. | |
DNS server with forward/reverse name resolution of all backup servers | UDP | 53 | Port used for communication with the DNS Server. | |
Veeam Update Notification Server | TCP | 80 | Default port used to download information about available updates from the Veeam Update Notification Server over the Internet. | |
Veeam License Update Server | TCP | 443 | Default port used for license auto-update. | |
Veeam Backup & Replication Console | Backup server | TCP | 9392 | Port used by the Veeam Backup & Replication console to connect to the backup server. |
Linux server | Backup server | TCP | 2500 to 5000 | Default range of ports used as transmission channels for jobs writing to Linux target. For every TCP connection that a job uses, one port from this range is assigned. |
Microsoft Windows/Linux server | Backup server | TCP | 2500 to 5000 | Default range of ports used as transmission channels for jobs writing to Microsoft Windows target. For every TCP connection that a job uses, one port from this range is assigned. |
Management client PC (remote access) | Backup server | TCP | 3389 | Default port used by the Remote Desktop Services. If you use third-party solutions to connect to the backup server, other ports may need to be open. |
Backup Proxy Connections
The following table describes network ports that must be opened to ensure proper communication of backup proxies with other infrastructure components.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Communication with Backup Server | ||||
Backup server | Off-Host backup proxy | TCP | 6163 | Default port used by the Hyper-V Integration Service. |
SMB3 server | TCP | 6163 | Default port used by the Hyper-V Integration Service. | |
Communication with Backup Repositories | ||||
Hyper-V server/ Off-host backup proxy | Linux server | TCP | 22 | Port used as a control channel from the backup proxy to the target Linux host. |
Microsoft Windows server | TCP | 49152-65535 | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. | |
Shared folder CIFS (SMB) share | TCP | 135, 137 to 139, 445 | Ports used as a transmission channel from the backup proxy to the target CIFS (SMB) share. | |
Gateway server | TCP | 49152-65535 | Dynamic RPC port range. For more information, see http://support.microsoft.com/kb/929851/en-us. | |
Communication with Backup Proxies | ||||
Hyper-V server | Backup proxy (onhost or offhost) | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
Microsoft SMB3 server | Backup proxy (onhost or offhost) | TCP | 2500 to 5000 | Ports used to retrieve CBT information from a Microsoft SMB3 server managing shares that host VM disks. |
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Hyper-V server/ Off-host backup proxy | Linux Server performing the role of the backup repository | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
Microsoft Windows Server performing the role of the backup repository | ||||
Backup repository | Backup proxy | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
Source backup repository | Target backup repository | TCP | 2500 to 5000 | Default range of ports used as transmission channels for backup copy jobs. For every TCP connection that a job uses, one port from this range is assigned. |
Microsoft Windows Server Running vPower NFS Service Connections | Backup repository gateway server working with backup repository
| TCP | 2500 to 5000 | Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery. For every TCP connection that a job uses, one port from this range is assigned. |
EMC Data Domain System Connections
From | To | Protocol | Port | Notes |
Backup server or gateway server | EMC Data Domain | TCP | 111 | Port used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned. |
TCP | 2049 | Main port used by NFS. Can be modified via the ‘nfs set server-port’ command. Command requires SE mode. | ||
TCP | 2052 | Main port used by NFS MOUNTD. Can be modified via the 'nfs set mountd-port' command in SE mode. | ||
Backup server | Gateway server |
For more information, see https://community.emc.com/docs/DOC-33258.
From | To | Protocol | Port | Notes |
Backup server or gateway server | HPE StoreOnce | TCP | 9387 | Default command port used for communication with HPE StoreOnce. |
9388 | Default data port used for communication with HPE StoreOnce. | |||
Backup server | Gateway server |
From | To | Protocol | Port | Notes |
Mount server | Backup server | TCP | 9401 | Port used for communication with the Veeam Backup Service. |
Backup server | Mount server | TCP | 6170 | Port used for communication with a local or remote Mount Service. |
Mount server | Backup repository | TCP | 2500 to 5000 | Default range of ports used for communication with a backup repository. |
Proxy Appliance (Multi-OS FLR) Connections
From | To | Protocol | Port | Notes |
Backup server | Proxy appliance | TCP | 22 | Port used as a communication channel from the backup server to the proxy appliance in the multi-OS file-level recovery process. |
TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | ||
VM guest OS | TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | |
Proxy appliance | VM guest OS | TCP | 22 | Port used as a communication channel from the proxy appliance to the Linux guest OS during multi-OS file-level recovery process. |
TCP | 20 | [If FTP option is used] Default port used for data transfer. | ||
TCP | 2500-5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | ||
VM guest OS | Proxy appliance | TCP | 22 | Port used as a communication channel from the proxy appliance to Linux guest OS during multi-OS file-level recovery process. |
TCP | 21 | [If FTP option is used} Default port used for protocol control messages. |
The following table describes network ports that must be opened to ensure proper communication between WAN accelerators used in backup copy jobs.
From | To | Protocol | Port | Notes |
Communication with Backup Server | ||||
Backup server | WAN accelerator | TCP | 6160 | Default port used by the Veeam Installer Service. |
TCP | 6162 | Default port used by the Veeam Data Mover Service. | ||
TCP | 6164 | Controlling port for RPC calls. | ||
Communication with Backup Repositories | ||||
WAN accelerator | Backup repository | TCP | 2500 to 5000 | Default range of ports used by the Veeam Data Mover Service for transferring files of a small size such as GuestIndexData.zip and others. A port from the range is selected dynamically. |
Communication Between WAN Accelerators | ||||
WAN accelerator | WAN accelerator | TCP | 6164 | Controlling port for RPC calls. |
TCP | 6165 | Default port used for data transfer between WAN accelerators. Ensure this port is open in firewall between sites where WAN accelerators are deployed. |
From | To | Protocol | Port | Notes |
Backup server | Tape server | TCP | 6166 | Controlling port for RPC calls. |
The following table describes network ports that must be opened to ensure proper communication of the backup server with the runtime coordination process deployed inside the VM guest OS for application-aware processing and indexing.
From | To | Protocol | Port | Notes |
Backup server | Linux VM guest OS | TCP | 22 | Default SSH port used as a control channel. |
Guest interaction proxy | TCP | 6190 | Port used for communication with the guest interaction proxy. | |
TCP | 6290 | Port used as a control channel for communication with the guest interaction proxy. | ||
Guest interaction proxy | Microsoft Windows VM guest OS | TCP, UDP | 135, 137-139, 445 | Ports required to deploy the runtime coordination process on the VM guest OS. |
TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range used by the runtime process deployed inside the VM for guest OS interaction. For more information, see http://support.microsoft.com/kb/929851/en-us. | ||
TCP | 6167 | [For Microsoft SQL logs shipping] Port used by the runtime process on the VM guest OS from which Microsoft SQL logs are collected. | ||
Microsoft Windows VM guest OS | Guest interaction proxy | TCP |
49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range used by the runtime process deployed inside the VM for guest OS interaction . For more information, see http://support.microsoft.com/kb/929851/en-us. |
* If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the “RPC function call failed” error, you need to configure dynamic RPC ports.
Veeam U-AIR Wizards Connections
The following table describes network ports that must be opened to ensure proper communication of U-AIR wizards with other components.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
U-AIR wizards | Veeam Backup Enterprise Manager | TCP | 9394 | Default port used for communication with Veeam Backup Enterprise Manager. Can be customized during Veeam Backup Enterprise Manager installation. |
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Backup server | Azure proxy | TCP | 6181 | Default management and data transport port required for communication with the Azure proxy. The port must be opened on the backup server and backup repository storing VM backups. |
Microsoft Active Directory Domain Controller Connections During Application Item Restore
The following table describes network ports that must be opened to ensure proper communication of the backup server with the Microsoft Active Directory VM during application-item restore.
From | To | Protocol | Port | Notes |
Backup server | Microsoft | TCP | 135 | Port required for communication between the domain controller and backup server. |
TCP, | 389 | LDAP connections. | ||
TCP | 636, 3268, 3269 | LDAP connections. | ||
TCP | 49152-65535 (for Microsoft Windows 2008 and newer) | Dynamic RPC port range used by the runtime coordination process deployed inside the VM guest OS for application-aware processing* For more information, see http://support.microsoft.com/kb/929851/en-us. |
Microsoft Exchange Server Connections During Application Item Restore
The following table describes network ports that must be opened to ensure proper communication of the Veeam backup server with the Microsoft Exchange Server system during application-item restore.
From | To | Protocol | Port | Notes |
Backup server | Microsoft Exchange 2003/2007 CAS Server | TCP | 80, 443 | WebDAV connections |
Microsoft Exchange 2010/2013 CAS Server | TCP | 443 | Microsoft Exchange Web Services Connections
|
Microsoft SQL Server Connections During Application Item Restore
The following table describes network ports that must be opened to ensure proper communication of the backup server with the VM guest OS system during application-item restore.
From | To | Protocol | Port | Notes |
Backup server | Microsoft | TCP | 1433,1434 and other | Port used for communication with the Microsoft SQL Server installed inside the VM. Port numbers depends on configuration of your Microsoft SQL server. For more information, see http://msdn.microsoft.com/en-us/library/cc646023.aspx#BKMK_ssde. |
The following table describes network ports that must be opened to ensure proper communication of the backup server with the SMTP server.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Backup server | SMTP server | TCP | 25 | Port used by the SMTP server. Port 25 is most commonly used but the actual port number depends on configuration of your environment. |
Veeam Backup Enterprise Manager Connections
Veeam Backup Enterprise Manager
- Veeam Explorer for Microsoft Active Directory Connections
- Veeam Explorer for Microsoft Exchange Connections
- Veeam Explorer for Microsoft SharePoint Connections
- Veeam Explorer for Microsoft SQL Server Connections
- Veeam Explorer for Oracle Connections
Veeam Agent for Windows Connections
Veeam Agent for Linux Connections