This is an archive version of the document. To get the most up-to-date information, see the current version.

Ports

The following network ports must be open to ensure proper communication of components in Veeam Backup for AWS architecture.

From	To	Protocol	Port	Notes
Web browser (local machine)	Backup appliance	TCP/HTTPS	443	Required to access the Web UI component from a user workstation.
		SSH	22	[Optional] Required to connect to the backup appliance using SSH.
		TCP/HTTPS	11005	[Optional] Default port required to communicate with the public REST API service running on the backup appliance. For more information on Veeam Backup for AWS REST API, see the Veeam Backup for AWS REST API Reference. To learn how to change the port number, see the Configuring Security Settings section in the Veeam Backup for AWS REST API Reference.
	Worker instances	TCP/HTTPS	443	Required to access the file-level recovery browser running on a worker instance during the file-level restore process.
Backup appliance	SMTP server	TCP/SMTP	25	Default port used for sending email notifications.
	Veeam Update Notification Server (repository.veeam.com)	TCP/HTTPS	443	Required to download information on available product updates.
	Ubuntu Security Update repository (security.ubuntu.com)	TCP/HTTP	80	Required to get OS security updates.
	AWS services	TCP/HTTPS	443	Required to perform data protection and disaster recovery operations.
Worker instances	AWS services	TCP/HTTPS	443	Required to perform data protection and disaster recovery operations.

To open network ports, you must add rules to security groups associated with Veeam Backup for AWS components:

A security group associated with the backup appliance. For more information, see Installing Veeam Backup for AWS Using CloudFormation Template and Installing Veeam Backup for AWS from AMI.
Security groups associated with worker instances. For more information, see Configuring Worker Instance Settings.

To learn how to add security groups rules, see AWS Documentation.