Ports
As Veeam Plug-In for AWS is installed on the same machine where Veeam Backup & Replication runs, it uses the same ports as those described in the Veeam Backup & Replication User Guide, section Ports — in addition to the ports listed in the following table.
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Web browser (local machine) | Backup appliance | TCP/HTTPS | 443 | Required to access the Web UI component from a user workstation. |
SSH | 22 | [Optional] Required to connect to the backup appliance using SSH. | ||
TCP/HTTPS | 11005 | [Optional] Default port required to communicate with the public REST API service running on the backup appliance. For more information on Veeam Backup for AWS REST API, see the Veeam Backup for AWS REST API Reference. To learn how to change the port number, see the Configuring Security Settings section in the Veeam Backup for AWS REST API Reference. | ||
Worker instances | TCP/HTTPS | 443 | Required to access the file-level recovery browser running on a worker instance during the file-level recovery process. | |
SMTP server | TCP/SMTP | 25 | Default port used for sending email notifications. | |
Veeam Update Repository (repository.veeam.com), Amazon CloudFront (cloudfront.net, amazonaws.com) | TCP/HTTPS | 443 | Required to download available product updates, worker deployment packages and restore utilities. Note: Veeam Update Repository uses the Amazon CloudFront service to distribute traffic when downloading product updates. | |
Ubuntu Security Repository and OS Update Repository (security.ubuntu.com, archive.ubuntu.com) | TCP/HTTP | 80 | Required to get OS security updates. | |
Microsoft Package Repository (packages.microsoft.com, dotnetcli.blob.core.windows.net) | TCP/HTTPS | 443 | Required to get .NET package updates. | |
PostgreSQL Apt Repository (apt.postgresql.org, archive.ubuntu.com) | TCP/HTTPS | 443 | Required to get PostgreSQL updates. | |
PostgreSQL Website (postgresql.org) | TCP/HTTPS | 443 | Required to download the PostgreSQL Apt Repository key. | |
TCP/HTTPS | 443 | Required to perform data protection and disaster recovery operations. | ||
UDP | 53 | [Optional] Default port required to perform DNS resolution if you plan to use a custom DNS server for your VPC. | ||
Worker instances | TCP/HTTPS | 443 | Required to perform data protection and disaster recovery operations. | |
UDP | 53 | [Optional] Default port required to perform DNS resolution if you plan to use a custom DNS server for your VPC. | ||
Veeam Plug-In for AWS | Backup appliance, AWS services | TCP/HTTPS | 443 | Port used for communication with AWS and Veeam Backup for AWS. |
AWS CheckIP service | TCP/HTTPS | 443 | Required to get the public IP address of the Veeam Backup & Replication server during the deployment of Veeam Plug-In for AWS. | |
Veeam Backup & Replication console and Veeam ONE server | Veeam Plug-In for AWS | TCP | 9402 | Port used to connect to Veeam Plug-In for AWS. |
To open network ports, you must add rules to security groups associated with Veeam Backup for AWS components:
- A security group associated with the backup appliance. For more information, see Deploying Appliance from Console.
- Security groups associated with worker instances. For more information, see Managing Worker Configurations.
To learn how to add security groups rules, see AWS Documentation.