Ports
As AWS Plug-in for Veeam Backup & Replication is installed on the same machine where Veeam Backup & Replication runs, it uses the same ports as those described in the Veeam Backup & Replication User Guide, section Ports. In addition, AWS Plug-in for Veeam Backup & Replication also uses ports listed in the following table.
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Web browser (local machine) | Backup appliance | TCP/HTTPS | 443 | Required to access the Web UI component from a user workstation. |
SSH | 22 | [Optional] Required to connect to the backup appliance using SSH. | ||
TCP/HTTPS | 11005 | [Optional] Default port required to communicate with the public REST API service running on the backup appliance. For more information on Veeam Backup for AWS REST API, see the Veeam Backup for AWS REST API Reference. To learn how to change the port number, see the Configuring Security Settings section in the Veeam Backup for AWS REST API Reference. | ||
Worker instances | TCP/HTTPS | 443 | Required to access the file-level recovery browser running on a worker instance during the file-level recovery process. | |
Backup appliance | SMTP server | TCP/SMTP | 25 | Default port used for sending email notifications. |
Veeam Update Repository (repository.veeam.com), Amazon CloudFront (cloudfront.net, amazonaws.com) | TCP/HTTPS | 443 | Required to download available product updates, worker deployment packages and restore utilities. Note: Veeam Update Repository uses the Amazon CloudFront service to distribute traffic when downloading product updates. | |
Ubuntu Security Repository and OS Update Repository (security.ubuntu.com, archive.ubuntu.com) | TCP/HTTP | 80 | Required to get OS security updates. | |
Microsoft Package Repository (packages.microsoft.com, dotnetcli.blob.core.windows.net) | TCP/HTTPS | 443 | Required to get .NET package updates. | |
PostgreSQL Apt Repository (apt.postgresql.org) | TCP/HTTP | 80 | Required to get PostgreSQL updates. | |
PostgreSQL Website (postgresql.org) | TCP/HTTPS | 443 | Required to download the PostgreSQL Apt Repository key https://www.postgresql.org/media/keys/ACCC4CF8.asc. | |
TCP/HTTPS | 443 | Required to perform data protection and disaster recovery operations. | ||
UDP | 53 | [Optional] Default port required to perform DNS resolution if you plan to use a custom DNS server for your VPC. | ||
Worker instances | TCP/HTTPS | 443 | Required to perform data protection and disaster recovery operations. | |
UDP | 53 | [Optional] Default port required to perform DNS resolution if you plan to use a custom DNS server for your VPC. | ||
AWS Plug-in for Veeam Backup & Replication | Backup appliance, AWS services | TCP/HTTPS | 443 | Port used for communication with AWS and Veeam Backup for AWS. |
Backup server | TCP | 6172 | Port used by AWS Plug-in for Veeam Backup & Replication to connect to a component that enables communication with the Veeam Backup & Replication database. | |
Veeam Backup & Replication console and Veeam ONE server | AWS Plug-in for Veeam Backup & Replication | TCP | 9402 | Port used to connect to AWS Plug-in for Veeam Backup & Replication. |
To open network ports, you must add rules to security groups associated with Veeam Backup for AWS components:
- A security group associated with the backup appliance. For more information, see Deploying Appliance from Console.
- Security groups associated with worker instances. For more information, see Managing Worker Configurations.
To learn how to add security groups rules, see AWS Documentation.