This is an archive version of the document. To get the most up-to-date information, see the current version.

Used Ports

On backup infrastructure components, Veeam Backup & Replication automatically creates firewall rules for the required ports. These rules allow communication between the components.

Important!

Some Linux distributions require firewall and/or security rules to be created manually. For details, see this Veeam KB article.

You can find the full list of the ports below.

Backup Server Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with backup infrastructure components.

Virtualization Servers

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | vCenter Server | HTTPS TCP | 443 | Default port used for connections to vCenter Server. If you use vCloud Director, make sure you open port 443 on underlying vCenter Servers. |
| Backup server | vCenter Server | HTTPS TCP | 10443 | Port used for communication with vCenter Server. This port is not required for VMware Cloud on AWS. |
| Backup server | ESXi server | HTTPS TCP | 443 | Default port used for connections to ESXi host. [For VMware vSphere earlier than 6.5] Not required if vCenter connection is used. In VMware vSphere versions 6.5 and later, port 443 is required by VMware web services. Note: When you configure firewalls, consider opening port 443 on ESXi hosts even if you add vCenter Server to the backup infrastructure. Port 443 may be required for backup and restore without vCenter Server, for example, if you back up a VM that hosts vCenter Server and restore it when vCenter Server is down. This port is not required for VMware Cloud on AWS. |
| Backup server | ESXi server | TCP | 902 | Port used for data transfer to ESXi host. This port is not required for VMware Cloud on AWS. |
| Backup server | ESXi server | TCP | 22 | Port used as a control channel (only for jobs that use an ESX target with the console agent enabled). This port is not required for VMware Cloud on AWS. |
| Backup server | vCloud Director | HTTPS TCP | 443 | Default port used for connections to vCloud Director. |

Other Servers

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Microsoft SQL Server hosting the Veeam Backup & Replication configuration database | TCP | 1433 | Port used for communication with Microsoft SQL Server on which the Veeam Backup & Replication configuration database is deployed (if you use a Microsoft SQL Server default instance). Additional ports may need to be open depending on your configuration. For more information, see Microsoft Docs. |
| Backup server | DNS server with forward/reverse name resolution of all backup servers | UDP | 53 | Port used for communication with the DNS Server. |
| Backup server | Veeam Update Notification Server (dev.veeam.com) | TCP | 80 | Default port used to download information about available updates from the Veeam Update Notification Server over the Internet. |
| Backup server | Veeam License Update Server (autolk.veeam.com) | TCP | 443 | Default port used for license auto-update. |

Backup Server

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Backup server | TCP | 9501 | Port used locally on the backup server for communication between Veeam Broker Service and Veeam services and components. |

Remote Access

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Management client PC (remote access) | Backup server | TCP | 3389 | Default port used by the Remote Desktop Services. If you use third-party solutions to connect to the backup server, other ports may need to be open. |

Veeam Backup & Replication Console Connections

The following table describes network ports that must be opened to ensure proper communication with the Veeam Backup & Replication console installed remotely.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Veeam Backup & Replication Console | Backup server | TCP | 9392 | Port used by the Veeam Backup & Replication console to connect to the backup server. |
| Veeam Backup & Replication Console | Backup server | TCP | 10003 | Port used by the Veeam Backup & Replication console to connect to the backup server only when managing the Veeam Cloud Connect infrastructure. |
| Veeam Backup & Replication Console | Mount server (if the mount server is not located on the console) | TCP | 2500 to 5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |

Microsoft Windows Server Connections

The following table describes network ports that must be opened to ensure proper communication with Microsoft Windows servers.

Each Microsoft Windows server that is a backup infrastructure component or a machine for which you enable application-aware processing must have these ports opened. If you want to use the server as a backup infrastructure component, you must also open ports that the component role requires.

For example, if you assign the role of a backup proxy to your Microsoft Windows server, you must open ports listed below and also ports listed in the Backup Proxy Connections section.

From

To

Protocol

Port

Notes

Backup server

Microsoft Windows server

TCP
UDP

135,
137 to 139,
445

Ports required for deploying Veeam Backup & Replication components.

Backup proxy

TCP

6160

Default port used by the Veeam Installer Service.

Backup repository

TCP

2500 to 5000

Default range of ports used as data transmission channels and for collecting log files.

For every TCP connection that a job uses, one port from this range is assigned.

Gateway server

TCP

6161

[For Microsoft Windows servers running the vPower NFS Service] Default port used by the Veeam vPower NFS Service.

Mount server

TCP

6162

Default port used by the Veeam Data Mover Service.

WAN accelerator

TCP

49152 to 65535
(for Microsoft Windows 2008 and newer)

Dynamic port range. For more information, see this Microsoft KB article.

Tape server

Linux Server Connections

The following table describes network ports that must be opened to ensure proper communication with Linux servers.

Each Linux server that is a backup infrastructure component or a machine for which you enable application-aware processing must have these ports opened. If you want to use the server as a backup infrastructure component, you must also open ports that the component role requires.

For example, if you assign the role of a backup repository to your Linux server, you must open ports listed below and also ports listed in the Backup Repository Connections section.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Linux server | TCP | 22 | Port used as a control channel from the console to the target Linux host. |
| Backup server | Linux server | TCP | 2500 to 5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
| Linux server | Backup server | TCP | 2500 to 5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |

Backup Proxy Connections

The following table describes network ports that must be opened to ensure proper communication of backup proxies with other backup components.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Backup proxy | | | Backup proxy is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. |

Communication with VMware Servers

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup proxy | vCenter Server | HTTPS | 443 | Default VMware web service port that can be customized in vCenter settings. |
| Backup proxy | ESXi server | TCP | 902 | Default VMware port used for data transfer. This port is not required for VMware Cloud on AWS. |
| Backup proxy | ESXi server | HTTPS | 443 | Default VMware web service port that can be customized in ESX host settings. Not required if vCenter connection is used. This port is not required for VMware Cloud on AWS. |

Communication with Backup Repositories

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup proxy | Microsoft Windows server | TCP | 49152 to 65535 (for Microsoft Windows 2008 and newer) | Dynamic port range. For more information, see this Microsoft KB article. |
| Backup proxy | Shared folder CIFS (SMB) share | TCP, UDP | 135, 137 to 139, 445 | Ports used as a transmission channel from a backup proxy to the target CIFS (SMB) share. Traffic goes between a backup proxy and CIFS (SMB) share only if a gateway server is not specified explicitly in CIFS (SMB) backup repository settings (the Automatic selection option is used). If a gateway server is specified explicitly, traffic goes between a gateway server and CIFS (SMB) share. For more information about required ports, see the Gateway server > Shared folder line below in this table. |
| Backup proxy | Gateway server | TCP | 49152 to 65535 (for Microsoft Windows 2008 and newer) | Dynamic port range. For more information, see this Microsoft KB article. |
| Gateway server (if a gateway server is specified explicitly in CIFS (SMB) backup repository settings) | Shared folder CIFS (SMB) share | TCP, UDP | 135, 137 to 139, 445 | Ports used as a transmission channel from a gateway server to the target CIFS (SMB) share. |

Communication with Backup Proxies

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup proxy | Backup proxy | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |

Backup Repository Connections

The following table describes network ports that must be opened to ensure proper communication with backup repositories.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup proxy | Microsoft Windows server performing the role of the backup repository | | | Ports listed in Microsoft Windows Server Connections must be opened. |
| Backup proxy | Linux server performing the role of the backup repository | | | Ports listed in Linux Server Connections must be opened. |
| Backup repository | Backup proxy | TCP | 2500 to 5000 | Default range of ports used as transmission channels for replication jobs. For every TCP connection that a job uses, one port from this range is assigned. |
| Source backup repository | Target backup repository | TCP | 2500 to 5000 | Default range of ports used as transmission channels for backup copy jobs. For every TCP connection that a job uses, one port from this range is assigned. Ports 2500 to 5000 are used for backup copy jobs that do not utilize WAN accelerators. If the backup copy job utilizes WAN accelerators, make sure that ports specific for WAN accelerators are open. |
| Microsoft Windows server running vPower NFS service | Backup repository gateway server working with backup repository | TCP | 2500 to 5000 | Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery. For every TCP connection that a job uses, one port from this range is assigned. |
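The Linux Server Connections section says a Linux server that is also a backup repository needs the ports from both tables. The following added example (not Veeam code) encodes the rows with explicit ports from those two tables and checks allowed flows in a firewall log against them, so rules wider than the documented matrix stand out. The role labels, IP addresses and log format are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass


def parse_ports(spec):
    """Parse "22", "2500 to 5000" or "135, 137 to 139, 445" into (low, high) spans."""
    spans = []
    for part in (p.strip() for p in spec.split(",")):
        m = re.fullmatch(r"(\d+)(?:\s+to\s+(\d+))?", part)
        if not m:
            raise ValueError(f"unrecognised port spec: {part!r}")
        low, high = int(m.group(1)), int(m.group(2) or m.group(1))
        if not 0 < low <= high <= 65535:
            raise ValueError(f"port out of range: {part!r}")
        spans.append((low, high))
    return spans


@dataclass(frozen=True)
class Rule:
    src_role: str
    dst_role: str
    proto: str
    ports: str   # kept in the page's own notation
    table: str   # section of this page the row comes from

    def covers(self, proto, dport):
        return proto == self.proto and any(
            low <= dport <= high for low, high in parse_ports(self.ports))


LINUX, REPO = "Linux Server Connections", "Backup Repository Connections"
# Rows with explicit ports copied from those two tables. Role names are labels
# chosen for this example; rows that only refer to another table are omitted.
MATRIX = [
    Rule("backup_server", "linux_server", "tcp", "22", LINUX),
    Rule("backup_server", "linux_server", "tcp", "2500 to 5000", LINUX),
    Rule("linux_server", "backup_server", "tcp", "2500 to 5000", LINUX),
    Rule("backup_repository", "backup_proxy", "tcp", "2500 to 5000", REPO),
    Rule("backup_repository", "backup_repository", "tcp", "2500 to 5000", REPO),
]

# Constructed inventory: a host holds every role assigned to it.
INVENTORY = {
    "10.0.0.10": {"backup_server"},
    "10.0.0.20": {"backup_proxy"},
    "10.0.1.30": {"linux_server", "backup_repository"},
    "10.0.1.31": {"linux_server", "backup_repository"},
}

# Constructed firewall log lines in a made-up key=value format.
SAMPLE_LOG = """\
src=10.0.0.10 dst=10.0.1.30 proto=tcp dport=22 action=allow
src=10.0.0.10 dst=10.0.1.30 proto=tcp dport=2514 action=allow
src=10.0.1.30 dst=10.0.0.20 proto=tcp dport=2501 action=allow
src=10.0.1.30 dst=10.0.1.31 proto=tcp dport=5000 action=allow
src=10.0.0.20 dst=10.0.1.30 proto=tcp dport=445 action=allow
src=10.0.0.99 dst=10.0.1.30 proto=tcp dport=22 action=allow
src=10.0.0.10 dst=10.0.1.30 proto=tcp dport=5001 action=allow
src=10.0.0.10 dst=10.0.1.30 proto=udp dport=2500 action=allow
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+) action=(\w+)")


def matching_rule(src, dst, proto, dport, inventory=INVENTORY, matrix=MATRIX):
    """Return the first matrix row that permits this flow, or None."""
    src_roles = inventory.get(src, set())
    dst_roles = inventory.get(dst, set())
    for rule in matrix:
        if (rule.src_role in src_roles and rule.dst_role in dst_roles
                and rule.covers(proto, dport)):
            return rule
    return None


def audit(log_text, inventory=INVENTORY, matrix=MATRIX):
    """List allowed flows that no row of the matrix accounts for."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m or m.group(5) != "allow":
            continue
        src, dst, proto, dport = m.group(1), m.group(2), m.group(3).lower(), int(m.group(4))
        if matching_rule(src, dst, proto, dport, inventory, matrix) is None:
            known = src in inventory and dst in inventory
            reason = "no matching row" if known else "host not in inventory"
            findings.append((src, dst, proto, dport, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Each finding is either a rule to tighten or a row of the matrix that still has to be encoded for the roles in use.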

Object Storage Repository Connections

The following table describes network ports and endpoints that must be opened to ensure proper communication with object storage repositories.

From

To

Protocol

Port/Endpoint

Notes

Gateway server

Amazon S3 Object Storage

TCP

443

Used to communicate with Amazon S3 Object Storage.

Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.

HTTPS

Cloud endpoints:

  • *.amazonaws.com (for both Global and Government regions)
  • *.amazonaws.com.cn (for China region)

A complete list of connection endpoints can be found in this Amazon article.

Certificate verification endpoints:

  • *.amazontrust.com

Microsoft Azure Object Storage

TCP

443

Used to communicate with Microsoft Azure Object Storage.

Consider the following:

  • The <xxx> part of the address must be replaced with your actual storage account URL, which can be found in the Azure management portal.
  • Certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.
  • The *.d-trust.net endpoint is used for the Germany region only.

HTTPS

Cloud endpoints:

  • xxx.blob.core.windows.net (for Global region)
  • xxx.blob.core.chinacloudapi.cn (for China region)
  • xxx.blob.core.cloudapi.de (for Germany region)
  • xxx.blob.core.usgovcloudapi.net (for Government region)

Certificate verification endpoints:

  • ocsp.digicert.com
  • ocsp.msocsp.com
  • *.d-trust.net  

IBM Cloud Object Storage

TCP/HTTPS

Customizable and depends on device configuration

Used to communicate with IBM Cloud Object Storage.

S3 Compatible Object Storage

TCP/HTTPS

Customizable and depends on device configuration

Used to communicate with S3 Compatible Object Storage.

For more information, see Object Storage Repository.

Dell EMC Data Domain System Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server or Gateway server | Dell EMC Data Domain | TCP | 111 | Port used to assign a random port for the mountd service used by NFS and DDBOOST. Mountd service port can be statically assigned. |
| Backup server or Gateway server | Dell EMC Data Domain | TCP | 2049 | Main port used by NFS. Can be modified via the 'nfs set server-port' command. Command requires SE mode. |
| Backup server or Gateway server | Dell EMC Data Domain | TCP | 2052 | Main port used by NFS MOUNTD. Can be modified via the 'nfs set mountd-port' command in SE mode. |
| Backup server | Gateway server | | | Ports listed in Gateway Server Connections must be opened. |

For more information, see Dell EMC Documents.

HPE StoreOnce Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server or Gateway server | HPE StoreOnce | TCP | 9387 | Default command port used for communication with HPE StoreOnce. |
| Backup server or Gateway server | HPE StoreOnce | TCP | 9388 | Default data port used for communication with HPE StoreOnce. |
| Backup server | Gateway server | | | Ports listed in Gateway Server Connections must be opened. |

Gateway Server Connections

The following table describes network ports that must be opened to ensure proper communication with gateway servers.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Gateway server | | | Gateway server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. |
| Backup server | Gateway server | TCP, UDP | 135, 137 to 139, 445 | Ports required for deploying Veeam Backup & Replication components. |
| Gateway server (if a gateway server is specified explicitly in CIFS (SMB) backup repository settings) | Shared folder CIFS (SMB) share | TCP, UDP | 135, 137 to 139, 445 | Ports used as a transmission channel from a gateway server to the target CIFS (SMB) share. |

Mount Server Connections

The following table describes network ports that must be opened to ensure proper communication with mount servers.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Mount server | | | Mount server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. |
| Backup server | Mount server | TCP | 6170 | Port used for communication with a local or remote Mount Service. |
| Mount server (or machine running the Veeam Backup & Replication console) | Backup server | TCP | 9401 | Port used for communication with the Veeam Backup Service. |
| Mount server (or machine running the Veeam Backup & Replication console) | Backup repository | TCP | 2500 to 5000 | Default range of ports used for communication with a backup repository. |
| Mount server | Helper appliance | TCP | 22 | Default SSH port used as a control channel. |
| Mount server | Helper appliance | TCP | 2500 to 2600 | Default range of ports used for communicating with the appliance. |
| Mount server | VM guest OS | | | Ports listed in VM Guest OS Connections must be opened. |

Microsoft Windows Server Running vPower NFS Service Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Microsoft Windows server running vPower NFS Service | TCP | 6160 | Default port used by the Veeam Installer Service. |
| Backup server | Microsoft Windows server running vPower NFS Service | TCP | 6161 | Default port used by the Veeam vPower NFS Service. |
| ESXi host | Microsoft Windows server running vPower NFS Service | TCP, UDP | 111 | Standard port used by the port mapper service. |
| ESXi host | Microsoft Windows server running vPower NFS Service | TCP, UDP | 1058+ or 1063+ | Default mount port. The port number depends on where the vPower NFS service is located. 1058+: if the vPower NFS service is located on the backup server. 1063+: if the vPower NFS service is located on a separate Microsoft Windows machine. If port 1058/1063 is occupied, the succeeding port numbers will be used. |
| ESXi host | Microsoft Windows server running vPower NFS Service | TCP, UDP | 2049+ | Standard NFS port. If port 2049 is occupied, the succeeding port numbers will be used. |
| Backup repository or Gateway server working with backup repository | Microsoft Windows server running vPower NFS Service | TCP | 2500 to 5000 | Default range of ports used as transmission channels during Instant VM Recovery, SureBackup or Linux file-level recovery. For every TCP connection that a job uses, one port from this range is assigned. |

Proxy Appliance (Multi-OS FLR) Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Helper appliance | TCP | 22 | Port used as a communication channel from the backup server to the proxy appliance in the multi-OS file-level recovery process. |
| Backup server | Helper appliance | TCP | 2500 to 5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
| Backup server | VM guest OS | TCP | 2500 to 5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
| Helper appliance | VM guest OS | TCP | 22 | Port used as a communication channel from the proxy appliance to the Linux guest OS during multi-OS file-level recovery process. |
| Helper appliance | VM guest OS | TCP | 20 | [If FTP option is used] Default port used for data transfer. |
| Helper appliance | VM guest OS | TCP | 2500 to 5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |
| VM guest OS | Helper appliance | TCP | 22 | Port used as a communication channel from the proxy appliance to Linux guest OS during multi-OS file-level recovery process. |
| VM guest OS | Helper appliance | TCP | 21 | [If FTP option is used] Default port used for protocol control messages. |
| Helper appliance | Backup repository | TCP | 2500 to 5000 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. |

SureReplica Recovery Verification Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | vCenter Server | HTTPS TCP | 443 | Default port used for connections to vCenter Server. |
| Backup server | ESXi server | HTTPS TCP | 443 | Default port used for connections to ESXi host. Not required if vCenter connection is used. |
| Backup server | ESXi server | TCP | 22 | Port used as a control channel (only for jobs that use an ESX target with the console agent enabled). |
| Backup server | Proxy appliance | TCP | 443 | Port used for communication with the proxy appliance in the virtual lab. |
| Backup server | Proxy appliance | TCP | 22 | Port used for communication with the proxy appliance in the virtual lab. |
| Backup server | Applications on VMs in the virtual lab | | | Application-specific ports to perform port probing test. For example, to verify a DC, Veeam Backup & Replication probes port 389 for a response. |
| Internet-facing proxy server | VMs in the virtual lab | HTTP | 8080 | Port used to let VMs in the virtual lab access the Internet. |

WAN Accelerator Connections

The following table describes network ports that must be opened to ensure proper communication between WAN accelerators used in backup copy jobs and replication jobs.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | WAN accelerator (source and target) | | | WAN accelerator is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. |
| Backup server | WAN accelerator (source and target) | TCP | 6160 | Default port used by the Veeam Installer Service. |
| Backup server | WAN accelerator (source and target) | TCP | 6162 | Default port used by the Veeam Data Mover Service. |
| Backup server | WAN accelerator (source and target) | TCP | 6164 | Controlling port for RPC calls. |
| WAN accelerator (source and target) | Backup repository (source and target) | TCP | 2500 to 5000 | Default range of ports used by the Veeam Data Mover Service for transferring files of a small size such as NVRAM, VMX, VMXF, GuestIndexData.zip and others. A port from the range is selected dynamically. |
| WAN accelerator | WAN accelerator | TCP | 6164 | Controlling port for RPC calls. |
| WAN accelerator | WAN accelerator | TCP | 6165 | Default port used for data transfer between WAN accelerators. Ensure this port is open in firewall between sites where WAN accelerators are deployed. |

Tape Server Connections

The following table describes network ports that must be opened to ensure proper communication with tape servers.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Tape server | | | Tape server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. |
| Backup server | Tape server | TCP | 6166 | Controlling port for RPC calls. |
| Tape server | Backup repository, gateway server or proxy server | | | Tape server is a Microsoft Windows server, and it requires the ports listed in Microsoft Windows Server Connections to be opened. |

NDMP Server Connections

The following table describes network ports that must be opened to ensure proper communication with NDMP servers.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Gateway server | NDMP server | NDMP | 10000 | Port used for data transfer between the components. |

Dell EMC VNX(e) Storage Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | VNX File | SSH | 22 | Default command port used for communication with VNX File over SSH. |
| Backup server | VNX Block | HTTPS | 443 | Default port used for communication with Dell EMC VNX Block. |
| Backup server | VNXe | HTTPS | 443 | Default port used for communication with Dell EMC VNXe and sending REST API calls. |
| Backup proxy | VNX Block, VNXe | TCP | 3260 | Default iSCSI target port. |
| Backup proxy | VNX File, VNXe | TCP, UDP | 2049, 111 | Standard NFS ports. Port 111 is used by the port mapper service. |

HPE 3PAR StoreServ Storage Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | HPE 3PAR StoreServ storage system | HTTP | 8008 | Default port used for communication with HPE 3PAR StoreServ over HTTP. |
| Backup server | HPE 3PAR StoreServ storage system | HTTPS | 8080 | Default port used for communication with HPE 3PAR StoreServ over HTTPS. |
| Backup server | HPE 3PAR StoreServ storage system | SSH | 22 | Default command port used for communication with HPE 3PAR StoreServ over SSH. |
| Backup proxy | HPE 3PAR StoreServ storage system | TCP | 3260 | Default iSCSI target port. |

HPE Lefthand Storage Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | HPE Lefthand storage system | SSH | 16022 | Default command port used for communication with HPE Lefthand. |
| Backup proxy | HPE Lefthand storage system | TCP | 3260 | Default iSCSI target port. |

HPE Nimble Storage Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | HPE Nimble storage system | TCP | 5392 | Default command port used for communication with HPE Nimble (used for Nimble OS 2.3 and later). |
| Backup proxy | HPE Nimble storage system | TCP | 3260 | Default iSCSI target port. |

IBM Spectrum Virtualize Storage Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | IBM Spectrum Virtualize storage system | SSH | 22 | Default command port used for communication with IBM Spectrum Virtualize over SSH. |
| Backup proxy | IBM Spectrum Virtualize storage system | TCP | 3260 | Default iSCSI target port. |

NetApp Data ONTAP Storage Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | NetApp Data ONTAP storage system | HTTP | 80 | Default command port used for communication with NetApp Data ONTAP over HTTP. |
| Backup server | NetApp Data ONTAP storage system | HTTPS | 443 | Default command port used for communication with NetApp Data ONTAP over HTTPS. |
| Backup proxy | NetApp Data ONTAP storage system | TCP, UDP | 2049, 111 | Standard NFS ports. Port 111 is used by the port mapper service. |
| Backup proxy | NetApp Data ONTAP storage system | TCP | 3260 | Default iSCSI target port. |

Universal Storage API Integrated System Connections

The following tables describe network ports that must be opened to ensure proper communication with Universal Storage API integrated systems:

Fujitsu ETERNUS DX/AF Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Fujitsu ETERNUS DX/AF storage system | SSH | 22 | Default command port used for communication with Fujitsu ETERNUS DX/AF over SSH. |
| Backup proxy | Fujitsu ETERNUS DX/AF storage system | TCP | 3260 | Default iSCSI target port. |

INFINIDAT InfiniBox Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | INFINIDAT InfiniBox storage system | HTTPS | 443 | Default command port used for communication with INFINIDAT InfiniBox over HTTPS. |
| Backup proxy | INFINIDAT InfiniBox storage system | TCP | 3260 | Default iSCSI target port. |

Huawei OceanStor Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Huawei OceanStor storage system | HTTPS | 8080 | Default port used for communication with Huawei OceanStor over HTTPS. |
| Backup proxy | Huawei OceanStor storage system | TCP | 3260 | Default iSCSI target port. |

NetApp SolidFire/HCI Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | NetApp SolidFire/HCI storage system | HTTPS | 443 | Default command port used for communication with NetApp SolidFire/HCI over HTTPS. |
| Backup proxy | NetApp SolidFire/HCI storage system | TCP | 3260 | Default iSCSI target port. |

Pure Storage FlashArray Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Pure Storage FlashArray system | HTTPS | 443 | Default command port used for communication with Pure Storage FlashArray over HTTPS. |
| Backup proxy | Pure Storage FlashArray system | TCP | 3260 | Default iSCSI target port. |

VM Guest OS Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with the runtime coordination process deployed inside the VM guest OS for application-aware processing and indexing.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Linux VM guest OS | TCP | 22 | Default SSH port used as a control channel. |
| Backup server | Guest interaction proxy | TCP | 6190 | Port used for communication with the guest interaction proxy. |
| Backup server | Guest interaction proxy | TCP | 6290 | Port used as a control channel for communication with the guest interaction proxy. |
| Backup server | Guest interaction proxy | TCP, UDP | 137 to 139, 445 | Ports used as a transmission channel. |
| Guest interaction proxy | ESXi server | TCP | 443 | Default port used for connections to ESXi host. [For VMware vSphere earlier than 6.5] Not required if vCenter connection is used. In VMware vSphere versions 6.5 and later, port 443 is required by VMware web services. |
| Guest interaction proxy or Mount server | Microsoft Windows VM guest OS | TCP, UDP | 135, 137 to 139, 445 | Ports required to deploy the runtime coordination process on the VM guest OS. |
| Guest interaction proxy or Mount server | Microsoft Windows VM guest OS | TCP | 49152 to 65535 (for Microsoft Windows 2008 and newer) | Dynamic port range used by the runtime process deployed inside the VM for guest OS interaction (when working over the network, not over VIX API). For more information, see this Microsoft KB article. |
| Guest interaction proxy or Mount server | Microsoft Windows VM guest OS | TCP | 6167, 2500 to 5000 | [For Microsoft SQL logs shipping] Port used by the runtime process on the VM guest OS from which Microsoft SQL logs are collected. |
| Guest interaction proxy or Mount server | Linux VM guest OS | TCP | 22 | Default SSH port used as a control channel. |
| Guest interaction proxy or Mount server | Linux VM guest OS | TCP | 2500 to 5000 | Default range of ports used as transmission channels during Linux file-level recovery and for Oracle log backup. For every TCP connection that a job uses, one port from this range is assigned. |

* If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports: during setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the “RPC function call failed” error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

Veeam U-AIR Connections

The following table describes network ports that must be opened to ensure proper communication of U-AIR wizards with other components.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| U-AIR wizards | Veeam Backup Enterprise Manager | TCP | 9394 | Default port used for communication with Veeam Backup Enterprise Manager. Can be customized during Veeam Backup Enterprise Manager installation. |

Azure Proxy Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server/Backup repository | Azure proxy | TCP | 443 | Default management and data transport port required for communication with the Azure proxy. The port must be opened on the backup server and backup repository storing VM backups. The default port is 443, but you can change it in the settings of the Azure Proxy. For details, see Specify Credentials and Transport Port. |

Azure Stack Connections

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Azure Stack | HTTPS | 443, 30024 | Default management and data transport port required for communication with the Azure Stack. |

Proxy Appliance Connections (Restore to Amazon EC2)

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server/Backup Repository | Proxy appliance | TCP | 22 | Port used as a communication channel to the proxy appliance in the restore to Amazon EC2 process. |
| Backup server/Backup Repository | Proxy appliance | TCP | 443 | Default redirector port. You can change the port in proxy appliance settings. For details, see Specify Proxy Appliance. |

Microsoft Active Directory Domain Controller Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the backup server with the Microsoft Active Directory VM during application-item restore.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Microsoft Active Directory VM guest OS | TCP | 135 | Port required for communication between the domain controller and backup server. |
| Backup server | Microsoft Active Directory VM guest OS | TCP, UDP | 389 | LDAP connections. |
| Backup server | Microsoft Active Directory VM guest OS | TCP | 636, 3268, 3269 | LDAP connections. |
| Backup server | Microsoft Active Directory VM guest OS | TCP | 49152 to 65535 (for Microsoft Windows 2008 and newer) | Dynamic port range used by the runtime coordination process deployed inside the VM guest OS for application-aware processing (when working over the network, not over VIX API).* For more information, see this Microsoft KB article. |

Microsoft Exchange Server Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the Veeam backup server with the Microsoft Exchange Server system during application-item restore.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Microsoft Exchange 2003/2007 CAS Server | TCP | 80, 443 | WebDAV connections. |
| Backup server | Microsoft Exchange 2010/2013 CAS Server | TCP | 443 | Microsoft Exchange Web Services Connections. |

Microsoft SQL Server Connections During Application Item Restore

The following table describes network ports that must be opened to ensure proper communication of the backup server with the VM guest OS system during application-item restore.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | Microsoft SQL VM guest OS | TCP | 1433, 1434 and other | Port used for communication with the Microsoft SQL Server installed inside the VM. Port numbers depend on the configuration of your Microsoft SQL server. For more information, see Microsoft Docs. |

SMTP Server Connections

The following table describes network ports that must be opened to ensure proper communication of the backup server with the SMTP server.

| From | To | Protocol | Port | Notes |
|---|---|---|---|---|
| Backup server | SMTP server | TCP | 25 | Port used by the SMTP server. Port 25 is most commonly used but the actual port number depends on configuration of your environment. |

Veeam Backup Enterprise Manager Connections

Veeam Explorers Connections

Veeam Cloud Connect Connections

Veeam Agent for Microsoft Windows Connections

Veeam Agent for Linux Connections

Veeam Plug-ins for Enterprise Applications Connections

Internet Connections

If you use an HTTP(S) proxy server to access the Internet, make sure that WinHTTP settings are properly configured on Microsoft Windows machines with Veeam backup infrastructure components. For information on how to configure WinHTTP settings, see Microsoft Docs.

Note:

Tenants cannot access Veeam Cloud Connect infrastructure components through HTTP(S) proxy servers. For information on supported protocols for Veeam Cloud Connect, see the Used Ports section in the Veeam Cloud Connect Guide.