Ports
The following table lists connection settings required for proper communication between Veeam ONE components, virtualization servers, VMware Cloud Director servers, Veeam Backup & Replication servers and Veeam Backup for Microsoft 365 servers.
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Communication with Virtualization Servers | ||||
Veeam ONE | ESXi server | TCP | 443 | Required to collect data from the ESXi server over HTTPS. Note that you must open this port manually. To learn how to check the current state of the vSphere API port, see the VMware vSphere documentation. |
TCP | 5989 | Required to collect ESXi host hardware details via CIM XML. | ||
vCenter Server | TCP | 443 | Required to collect data from vCenter Server over HTTPS. To learn how to check the current state of the vSphere API port, see the VMware vSphere documentation. | |
TCP | 10080 | Default port used to access the vCenter Inventory Service and collect vCenter Server tags. | ||
Platform Services Controller (PSC) | TCP | 443 | Default port used to access vCenter Server PSCs over HTTPS to collect and assign VMware Tags data. Required for vCenter Server starting from version 6.5. | |
VMware Cloud Director | TCP | 443 | Required to collect data from vCloud Director REST API. Note that you must open this port manually. For more information about vCloud Director API, see VMware documentation. | |
SCVMM | TCP | 8100 | Default port used to communicate with the VMM server through WCF. Required by the Veeam ONE Service. | |
Hyper-V server | TCP | 135 | Required to gather CPU and memory performance data from the Microsoft Hyper-V server through WMI. Port 445 is also required to access remote registry. For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection. Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery. | |
TCP | 49152 to 65535 | Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article. Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article. | ||
Communication with Backup Infrastructure Components | ||||
Veeam ONE | Veeam Backup & Replication server | TCP | 135 | Required to gather CPU and memory performance data from the Veeam Backup & Replication server through WMI. Port 445 is also required to access remote registry. For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection. Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery. |
TCP | 49152 to 65535 | Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article. Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article. | ||
TCP | 1239 | Required to connect to the Veeam Backup & Replication server analytics and the Veeam Backup & Replication Remote Console host. | ||
TCP | 2805 | Default port used for communication with Veeam ONE agent installed on the Veeam Backup & Replication server. | ||
TCP | 8543 | Port used by the Nutanix AHV Platform Service. Required for collecting data about protected Nutanix VMs. | ||
TCP | 9402 | Port used by the AWS Platform Service. Required for collecting data about protected AWS instances. | ||
TCP | 9403 | Port used by the Google Cloud Platform Service. Required for collecting data about protected Google Cloud instances. | ||
TCP | 20443 | Port used by the Microsoft Azure Platform Service. Required for collecting data about protected Azure instances. | ||
Backup proxy | TCP | 135 | Required to gather CPU and memory performance data from the backup proxy through WMI. For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection. Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery. | |
TCP | 49152 to 65535 | Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article. Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article. | ||
Backup repository (Windows) | TCP | 135 | Required to gather CPU and memory performance data from the backup repository through WMI. For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection. Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery. | |
TCP | 49152 to 65535 | Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article. Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article. | ||
WAN accelerator | TCP | 135 | Required to gather CPU and memory performance data from the WAN accelerator through WMI. For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection. Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery. | |
TCP | 49152 to 65535 | Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article. Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article. | ||
VM Guest OS (Microsoft Windows) | TCP | 135 | Required to monitor Microsoft Windows VM guest OS processes and services through WMI. For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection. | |
TCP | 49152 to 65535 | Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article. Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article. | ||
VM Guest OS (Linux) | TCP | 22 | Required to monitor Linux VM guest OS processes and services through SSH. | |
Veeam Backup Enterprise Manager | TCP | 135 | Required to collect data from Veeam Backup Enterprise Manager through WMI. For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection. | |
TCP | 49152 to 65535 | Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article. Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article. | ||
Veeam Backup for Microsoft 365 | TCP | 135 | Required to gather CPU and memory performance data from Veeam Backup for Microsoft 365 through WMI. For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection. | |
TCP | 49152 to 65535 | Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article. Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article. | ||
TCP | 4443 | Required to collect data from Veeam Backup for Microsoft 365 REST API over HTTPS. | ||
TCP | 5985 | Required to remotely enable the Veeam Backup for Microsoft 365 REST API service when adding a server to Veeam ONE and also for installing certificates for federated authentication. Port 5986 is used for communication over HTTPS. | ||
Other Communications | ||||
Veeam ONE | Veeam License Update Server | TCP | 443 | Default port used to access Veeam License Update Server over HTTPS to automatically update license and Veeam Intelligent Diagnostics signatures. Veeam License Update Server endpoints:
|
TCP | 80 | Required for certificate validation when Veeam ONE connects to Veeam License Update Server to check if the new license is available and download it. Certificate verification endpoints:
Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself. | ||
SMTP server | TCP | 25 | Default port used by the SMTP server to send email notifications. The actual port number depends on the configuration of your environment. | |
File Server (SMB) | TCP | 445 | Port required to get information about used and free space on SMB shares used by connected Microsoft Hyper-V hosts and clusters. | |
Veeam ONE Server | Microsoft SQL Server | TCP | 1433 | Port used for communication with the Microsoft SQL Server on which the Veeam ONE database is deployed. |
Veeam ONE Web Services | Veeam ONE Server | TCP | 2714 | Port used for communication between Veeam ONE Web Services and Monitoring Service on the Veeam ONE Server. |
TCP | 2741 | Port used for communication with Veeam ONE internal Web API. | ||
TCP | 2742 | Port used for communication between Veeam ONE Web Services and Reporting Service on the Veeam ONE Server. | ||
Veeam ONE | Veeam ONE Server | TCP | 139 | Used by Veeam ONE Client to communicate with the Veeam ONE Server. These ports are also associated with the File and Printer Sharing service. |
UDP | 137 | |||
Workstation | Veeam ONE Web Services | TCP | 1239 | Default port to access Veeam ONE Web Services from a user workstation over HTTPS. A different port number can be chosen during setup. |