Ports
The following network ports must be open to ensure proper communication of components in Veeam Backup for AWS architecture.
From | To | Protocol | Port | Notes |
---|---|---|---|---|
Web browser (local machine) | Backup appliance | TCP/HTTPS | 443 | Required to access the Web UI component from a user workstation. |
SSH | 22 | [Optional] Required to connect to the backup appliance using SSH. | ||
TCP/HTTPS | 11005 | [Optional] Default port required to communicate with the public REST API service running on the backup appliance. For more information on Veeam Backup for AWS REST API, see the Veeam Backup for AWS REST API Reference. To learn how to change the port number, see the Configuring Security Settings section in the Veeam Backup for AWS REST API Reference. | ||
Worker instances | TCP/HTTPS | 443 | Required to access the file-level recovery browser running on a worker instance during the file-level restore process. | |
Backup appliance | SMTP server | TCP/SMTP | 25 | Default port used for sending email notifications. |
Veeam Update Notification Server (repository.veeam.com) | TCP/HTTPS | 443 | Required to download information on available product updates. | |
Ubuntu Security Update repository (security.ubuntu.com) | TCP/HTTP | 80 | Required to get OS security updates. | |
TCP/HTTPS | 443 | Required to perform data protection and disaster recovery operations. | ||
Worker instances | TCP/HTTPS | 443 | Required to perform data protection and disaster recovery operations. |
To open network ports, you must add rules to security groups associated with Veeam Backup for AWS components:
- A security group associated with the backup appliance. For more information, see Installing Veeam Backup for AWS Using CloudFormation Template and Installing Veeam Backup for AWS from AMI.
- Security groups associated with worker instances. For more information, see Configuring Worker Instance Settings.
To learn how to add security groups rules, see AWS Documentation.