The following network ports must be open to ensure proper communication of components in the Veeam Backup for AWS infrastructure.
Web browser (local machine)
Required to access the Web UI component from a user workstation.
Required to communicate with the backup service running on the backup appliance.
Default port required to communicate with the REST API service running on the backup appliance.
To learn how to change the port number, see the Configuring Security Settings section in the Veeam Backup for AWS REST API Reference.
Required to access the file-level recovery browser running on a worker instance during the file-level restore process.
Default port used for sending email notifications.
Veeam Update Notification Server (repository.veeam.com)
Required to download information on available product updates.
Ubuntu Security Update repository (security.ubuntu.com)
Required to get OS security updates.
To open network ports, you must add inbound rules to security groups associated with Veeam Backup for AWS infrastructure components:
- A security group for the backup appliance is created during the product installation. For more information, see Installing Veeam Backup for AWS from AWS Marketplace and Installing Veeam Backup for AWS from AMI.
- A security group for worker instances is selected per AWS Region and Availability Zone. For more information, see Configuring Worker Instance Settings.
To learn how to add inbound rules to security groups, see AWS Documentation.