Ports

The following table lists connection settings required for proper communication between Veeam ONE components, virtualization servers, VMware Cloud Director servers, Veeam Backup & Replication servers and Veeam Backup for Microsoft 365 servers.

From

To

Protocol

Port

Notes

Communication with Virtualization Servers

Veeam ONE

ESXi server

TCP

443

Required to collect data from the ESXi server over HTTPS. Note that you must open this port manually.

To learn how to check the current state of the vSphere API port, see the VMware vSphere documentation.

TCP

5989

Required to collect ESXi host hardware details via CIM XML.

vCenter Server

TCP

443

Required to collect data from vCenter Server over HTTPS.

To learn how to check the current state of the vSphere API port, see the VMware vSphere documentation.

TCP

10080

Default port used to access the vCenter Inventory Service and collect vCenter Server tags.

Platform Services Controller (PSC)

TCP

443

Default port used to access vCenter Server PSCs over HTTPS to collect and assign VMware Tags data.

Required for vCenter Server starting from version 6.5.

VMware Cloud Director

TCP

443

Required to collect data from vCloud Director REST API. Note that you must open this port manually.

For more information about vCloud Director API, see VMware documentation.

SCVMM

TCP

8100

Default port used to communicate with the VMM server through WCF. Required by the Veeam ONE Service.

Hyper-V server

TCP

135
445

Required to gather CPU and memory performance data from the Microsoft Hyper-V server through WMI.

Port 445 is also required to access remote registry.

For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection.

Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery.

TCP

49152 to 65535

Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article.

Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

Communication with Backup Infrastructure Components

Veeam ONE

Veeam Backup & Replication server

TCP

135
445

Required to gather CPU and memory performance data from the Veeam Backup & Replication server through WMI.

Port 445 is also required to access remote registry.

For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection.

Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery.

TCP

49152 to 65535

Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article.

Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

TCP

1239
2741

Required to connect to the Veeam Backup & Replication server analytics and the Veeam Backup & Replication Remote Console host.

TCP

2805

Default port used for communication with Veeam ONE agent installed on the Veeam Backup & Replication server.

TCP

8543

Port used by the Nutanix AHV Platform Service.

Required for collecting data about protected Nutanix VMs.

TCP

9402

Port used by the AWS Platform Service.

Required for collecting data about protected AWS instances.

TCP

9403

Port used by the Google Cloud Platform Service.

Required for collecting data about protected Google Cloud instances.

TCP

20443

Port used by the Microsoft Azure Platform Service.

Required for collecting data about protected Azure instances.

Backup proxy

TCP

135

Required to gather CPU and memory performance data from the backup proxy through WMI.

For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection.

Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery.

TCP

49152 to 65535

Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article.

Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

Backup repository (Windows)

TCP

135

Required to gather CPU and memory performance data from the backup repository through WMI.

For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection.

Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery.

TCP

49152 to 65535

Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article.

Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

WAN accelerator

TCP

135

Required to gather CPU and memory performance data from the WAN accelerator through WMI.

For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection.

Note that to gather performance data from Windows Server 2012 and 2012 R2, you must additionally enable network discovery.

TCP

49152 to 65535

Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article.

Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

VM Guest OS (Microsoft Windows)

TCP

135
445

Required to monitor Microsoft Windows VM guest OS processes and services through WMI.

For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection.

TCP

49152 to 65535

Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article.

Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

VM Guest OS (Linux)

TCP

22

Required to monitor Linux VM guest OS processes and services through SSH.

Veeam Backup Enterprise Manager

TCP

135

Required to collect data from Veeam Backup Enterprise Manager through WMI.

For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection.

TCP

49152 to 65535

Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article.

Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

Veeam Backup for Microsoft 365

TCP

135
445

Required to gather CPU and memory performance data from Veeam Backup for Microsoft 365 through WMI.

For more information about enabling and disabling WMI traffic, see Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection.

TCP

49152 to 65535

Dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft KB article.

Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. If you use firewall settings other than default ones or application-aware processing fails with the "RPC function call failed" error, you need to configure dynamic RPC ports. For more information on how to configure RPC dynamic port allocation to work with firewalls, see this Microsoft KB article.

TCP

4443

Required to collect data from Veeam Backup for Microsoft 365 REST API over HTTPS.

TCP

5985
5986

Required to remotely enable the Veeam Backup for Microsoft 365 REST API service when adding a server to Veeam ONE and also for installing certificates for federated authentication.

Port 5986 is used for communication over HTTPS.

Other Communications

Veeam ONE

Veeam License Update Server

TCP

443

Default port used to access Veeam License Update Server over HTTPS to automatically update license and Veeam Intelligent Diagnostics signatures.

Veeam License Update Server endpoints:

  • one.butler.veeam.com

TCP

80

Required for certificate validation when Veeam ONE connects to Veeam License Update Server to check if the new license is available and download it.

Certificate verification endpoints:

  • *.ss2.us
  • *.amazontrust.com

Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.

SMTP server

TCP

25

Default port used by the SMTP server to send email notifications.

The actual port number depends on the configuration of your environment.

File Server (SMB)

TCP

445

Port required to get information about used and free space on SMB shares used by connected Microsoft Hyper-V hosts and clusters.

Veeam Intelligence

TCP

443

Port required to connect Veeam ONE Server to Veeam CDN Connection

Veeam Intelligence endpoints:

  • cdn.rest-ai.veeam.com
  • js.veeam.com

TCP

443

Port required to connect Veeam ONE Server and workstation to AI service

Veeam Intelligence endpoints:

  • rest-ai.veeam.com

Veeam ONE Server

Microsoft SQL Server

TCP

1433

Port used for communication with the Microsoft SQL Server on which the Veeam ONE database is deployed.
Additional ports may need to be open depending on your configuration. For details, see Microsoft Docs.

Veeam ONE Web Services

Veeam ONE Server

TCP

2714

Port used for communication between Veeam ONE Web Services and Monitoring Service on the Veeam ONE Server.

TCP

2741

Port used for communication with Veeam ONE internal Web API.

TCP

2742

Port used for communication between Veeam ONE Web Services and Reporting Service on the Veeam ONE Server.

Veeam ONE
Client

Veeam ONE Server

TCP

139
445

Used by Veeam ONE Client to communicate with the Veeam ONE Server.

These ports are also associated with the File and Printer Sharing service.

UDP

137

Workstation
web browser

Veeam ONE Web Services

TCP

1239

Default port to access Veeam ONE Web Services from a user workstation over HTTPS. A different port number can be chosen during setup.

Page updated 12/4/2024

Page content applies to build 12.3.0.4670