Ports

Veeam Backup for Nutanix AHV automatically creates firewall rules for the ports required to allow communication between the Nutanix AHV backup appliance, workers and the backup server.

Important

Some Linux distributions require manual configuration of firewall rules. For more information, see this Veeam KB article.

Backup Appliance

The following table describes network ports that must be opened to ensure proper communication of the Nutanix AHV backup appliance with other backup infrastructure components.

From

To

Protocol

Port

Notes

Workstation web browser

Nutanix AHV backup appliance

TCP/HTTPS

443

Used to access the Nutanix AHV backup appliance web console.

Nutanix AHV backup appliance

Nutanix REST API

TCP/HTTPS

9440

Used to communicate with Nutanix AHV REST API.

Backup server

TCP

10006

Used to connect to Veeam Backup & Replication.

Workers

TCP

19000

Used to communicate with workers.

Nutanix AHV server
(Cluster Virtual IP, Cluster iSCSI Data Services IP, Cluster CVM IPs)

TCP/iSCSI

3205, 3260

Used to access disks attached to Nutanix AHV VMs.

Veeam backup repository (or gateway server)

TCP

2500-3300

Default range of ports used as transmission channels for jobs and restore sessions. For every TCP connection that a job uses, one port from this range is assigned.

Mail server

SMTP

25

Used to send email notifications. The port number can be changed.

Rocky Linux repositories

(mirrors.rockylinux.org, mirrors.fedoraproject.org, rockylinux.map.fastly.net)

TCP/HTTP(S)

80 (443)

Used to get OS security updates, .NET Core updates and PostgreSQL update packages.

The listed mirror URLs are used to get actual URLs that will be used to obtain updates.

Veeam Update Repository
(repository.veeam.com)

Amazon CloudFront
(cloudfront.net, amazonaws.com)

TCP/HTTPS

443

Used to download Nutanix AHV backup appliance update packages.

Note: Veeam Update Repository uses the Amazon CloudFront service to distribute traffic when downloading product updates.

Nginx repository

(nginx.org/packages/, nginx.org/packages/keys/)

TCP/HTTPS

443

Used to download Nginx packages required for Nutanix AHV backup appliance web console updates.

Workers

The following table describes network ports that must be opened to ensure proper communication of workers with other backup infrastructure components.

From

To

Protocol

Port

Notes

Worker

Nutanix REST API

TCP/HTTPS

9440

Used to communicate with Nutanix AHV REST API.

Backup server

TCP

10006

Used to connect to Veeam Backup & Replication.

Backup appliance

TCP

19001

Used to communicate with the backup appliance.

Nutanix AHV server
(Cluster Virtual IP, Cluster iSCSI Data Services IP, Cluster CVM IPs)

TCP/iSCSI

3205, 3260

Used to access disks attached to Nutanix AHV VMs.

Veeam backup repository (or gateway server)

TCP

2500-3300

Default range of ports used as transmission channels for jobs and restore sessions. For every TCP connection that a job uses, one port from this range is assigned.

Rocky Linux repositories

(mirrors.rockylinux.org, mirrors.fedoraproject.org, rockylinux.map.fastly.net)

TCP/HTTP(S)

80 (443)

Used to get OS security updates, .NET Core updates and PostgreSQL update packages.

Note: The listed mirror URLs are used to get actual URLs that will be used to obtain updates.

Veeam Update Repository
(repository.veeam.com)

Amazon CloudFront
(cloudfront.net, amazonaws.com)

TCP/HTTPS

443

Used to download Nutanix AHV backup appliance update packages.

Note: Veeam Update Repository uses the Amazon CloudFront service to distribute traffic when downloading product updates.

Nginx repository

(nginx.org/packages/, nginx.org/packages/keys/)

TCP/HTTPS

443

Used to download Nginx update packages.

Backup Server

The following table describes network ports that must be opened to ensure proper communication of the backup server with other backup infrastructure components.

From

To

Protocol

Port

Notes

Veeam Backup & Replication console

and Veeam ONE server

Backup server

TCP/HTTPS

8543

Used to communicate with the Platform Service REST API.

FLR helper appliance

Backup server

TCP

2500

Used to connect to the backup server during file-level restore.

Mount Service

Backup server

TCP

9401

Used to connect to the backup server during file-level restore.

Backup server

FLR helper appliance

TCP

22

2500

Used to connect to the helper appliance during file-level restore. For the full list of ports used for connections to the FLR helper appliance, see the Veeam Backup & Replication User Guide, section Used Ports.

Backup server

TCP/HTTPS

6172

Used by the AHV Platform Service to enable communication with the Veeam Backup & Replication database.

Nutanix AHV cluster

TCP/HTTPS

9440

Used by the AHV Platform Service to connect to an Nutanix AHV cluster.

Nutanix AHV backup appliance

TCP/HTTPS

443

Used by the AHV Platform Service to connect to Nutanix AHV backup appliance.

 

Note

For the list of ports used by the backup server to communicate with backup repositories, see the Veeam Backup & Replication User Guide, section Used Ports.

vPower NFS Service

The vPower NFS Service is a Microsoft Windows service that runs on a Microsoft Windows machine and enables this machine to act as an NFS server. The vPower NFS Service is required to perform such operations as file-level restore and Instant Recovery.

Note

For the full list of ports required for Performing File-Level Restore, see the Veeam Backup & Replication User Guide, section Used Ports.

 

From

To

Protocol

Port

Notes

Nutanix AHV cluster

Microsoft Windows server with the mount server role running vPower NFS Service

TCP

UDP

111

Used by the Port Mapper service.

TCP

UDP

1058+ or 1063+

Used as default mount port. The number of port depends on where the vPower NFS Service is located:

  • 1058+: If the vPower NFS Service is located on the backup server.
  • 1063+: If the vPower NFS Service is located on a separate Microsoft Windows machine.

If port 1058/1063 is occupied, the succeeding port numbers will be used.

TCP

UDP

2049+

Used as NFS port. If port 2049 is occupied, the succeeding port numbers will be used.