Ports

The following table lists connection settings required for proper communication between Veeam ONE components, virtualization servers, VMware Cloud Director servers, Veeam Backup & Replication servers and Veeam Backup for Microsoft 365 servers.

From

To

Protocol

Port

Notes

Veeam ONE

vCenter
ESXi

SSL

4431

Required to collect data from vCenter Server / ESXi hosts.
To learn how to check the current state of the vSphere API port, see the VMware vSphere documentation.

TCP

5989

Required to collect ESXi host hardware details via CIM XML.

TCP

10080
10443

Default port used to access vCenter Inventory Service (HTTP or HTTPS) and collect vCenter Server tags.

Required for vCenter Server 5.x only.

Platform Services Controller (PSC)

HTTPS

443

Default port used to collect and assign VMware Tags data.

Required for vCenter Server starting from version 6.5.

VMware Cloud Director

SSL

4431

Required to collect data from VMware Cloud Director.

SCVMM

TCP

8100

Default SCVMM Administrator Console to Microsoft SCVMM server port (required by the Veeam ONE Service).

Hyper-V host

TCP

135,
49152 to 65535

Required to collect data from Microsoft Hyper-V hosts through WMI.

TCP

135
445

Required to gather CPU and memory performance data from Microsoft Hyper-V hosts.4

TCP

445

Required to access remote registry.

Veeam Backup & Replication

TCP

135,
49152 to 65535

Required to collect data from Veeam Backup & Replication servers through WMI.

TCP

135
445

Required to gather CPU and memory performance data from Veeam Backup & Replication infrastructure servers.4

TCP

445

Required to access remote registry.

TCP

2805

Default port used for communication with Veeam ONE agent installed on Veeam Backup & Replication server.

TCP

1239
2741

Required to connect to Veeam Backup & Replication server analytics and Veeam Backup & Replication Remote Console host.

Veeam Backup Enterprise Manager

TCP

135,
49152 to 65535

Required to collect data from Veeam Backup Enterprise Manager through WMI.

Veeam backup proxy

TCP

135,
49152 to 65535

Required to gather CPU and memory performance data from backup infrastructure servers.4

Veeam backup repository (Windows)

TCP

135,
49152 to 65535

Required to gather CPU and memory performance data from backup infrastructure servers.4

Veeam WAN accelerator

TCP

135,
49152 to 65535

Required to gather CPU and memory performance data from backup infrastructure servers.4

Microsoft Windows VM Guest OS

TCP

135,
445,
49152 to 65535

Required to monitor Microsoft Windows VM guest OS processes and services.

Linux VM Guest OS

TCP

22

Required to monitor Linux VM guest OS processes and services.

Veeam License Update Server (one.butler.veeam.com)

TCP

443

Default port used for auto-update of license, Veeam Intelligent Diagnostics signatures.

Veeam License Update Server (setup.butler.veeam.com)

TCP

443

Default port used for auto-update of license during Veeam ONE setup.

Certificate Revocation List

TCP

80

Required for certificate validation when Veeam ONE connects to Veeam License Update Server (one.butler.veeam.com) to check if the new license is available and download it.

Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.

HTTP

Certificate verification endpoints:

  • o.ss2.us
  • ocsp.sca1b.amazontrust.com
  • ocsp.rootca1.amazontrust.com
  • ocsp.rootg2.amazontrust.com
  • crl.r2m02.amazontrust.com
  • ocsp.r2m02.amazontrust.com
  • crl.rootca1.amazontrust.com

Veeam Download Server (download2.veeam.com)

TCP

443

Default port used to download Veeam Intelligent Diagnostics signatures.

Veeam Backup for Microsoft 365

HTTPS

4443

Required to collect data from Veeam Backup for Microsoft 365 REST API.

TCP

135,
445,
49152 to 65535

Required to gather CPU and memory performance data from Veeam Backup for Microsoft 365 infrastructure servers.

UDP

5355

Required to gather CPU and memory performance data from Veeam Backup for Microsoft 365 server.

Veeam Backup for Microsoft 365 (optional)

HTTP

5985

Required to remotely enable the Veeam Backup for Microsoft 365 REST API service when adding a server to Veeam ONE.

SMTP server

TCP

25

Default port used by the SMTP server to send email notifications.

Port 25 is most commonly used but the actual port number depends on configuration of your environment.

Veeam Backup & Replication (optional)

HTTPS

8543

Port used by Nutanix AHV Platform Service.
Required for collecting data about protected Nutanix VMs.

HTTPS

20443

Port used by Microsoft Azure Platform Service.
Required for collecting data about protected Azure VMs.

HTTPS

9402

Port used by AWS Platform Service.
Required for collecting data about protected AWS VMs.

HTTPS

9403

Port used by Google Cloud Platform Service.
Required for collecting data about protected Google Cloud instances.

File Server (SMB)

TCP

445

Port required to get information about used and free space on SMB shares used by connected Microsoft Hyper-V hosts and clusters.

Veeam ONE Server

Microsoft SQL Server

TCP

1433

Port used for communication with the Microsoft SQL Server on which the Veeam ONE database is deployed.
Additional ports may need to be open depending on your configuration. For details, see Microsoft Docs.

Veeam ONE Web Services

Veeam ONE Server

TCP

2714

Port used for communication between Veeam ONE Web Services and Monitoring Service on the Veeam ONE Server.

TCP

2742

Port used for communication between Veeam ONE Web Services and Reporting Service on the Veeam ONE Server.

TCP

2741

Port used for communication with Veeam ONE internal Web API.

Veeam ONE
Client

Veeam ONE Server

TCP

1393;
4453

Used by Veeam ONE Client to communicate with the Veeam ONE Server.

UDP

1373

Workstation
Web Browser

Veeam ONE Web Services

HTTPS

1239

Default port to access Veeam ONE Web Services from a user workstation (a different port number can be chosen during setup).

1 You must open these ports manually
2 To learn about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection
3 Associated with the File and Printer Sharing service
4 To gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery.