Ports

In this article

    The following network ports must be open to ensure proper communication of components in the Veeam Backup for Microsoft Azure infrastructure.

    From

    To

    Protocol

    Port

    Description

    Workstation web browser

    Backup appliance

    TCP

    443

    Required to access the Web UI component from a user workstation.

    TCP

    443

    Required to communicate with the REST API service running on the backup appliance.

    Worker instance

    TCP

    443

    Required to access the Veeam File Level Recovery browser running on a worker instance during the file-level recovery process.

    Backup appliance

    Veeam Update Notification Server (repository.veeam.com)

    TCP

    443

    Required to download information on available product updates.

    Ubuntu Security Update repository (security.ubuntu.com)

    HTTP

    80

    Required to get OS security updates.

    Ubuntu Archive repository (azure.archive.ubuntu.com)

    HTTP

    80

    Required to get APT updates when updating the backup appliance manually using the terminal.

    APT repository of PostgreSQL packages (apt.postgresql.org)

    HTTP

    80

    DotNetCore Update Repository (packages.microsoft.com)

    TCP

    443

    Required to get .NET updates.

    SMTP server

    TCP

    25

    Required to send email notifications.

    Note: The TCP 25 port is the port that is most commonly used by SMTP servers.

    Azure AD

    TCP

    443

    Required to add service and repository accounts.

    Azure Resource Manager

    TCP

    443

    Azure Storage

    TCP

    443

    Required to communicate with Azure storage accounts.

     

    ServiceBus service

    TCP, AMQP

    443, 5671, 5672

    Required to communicate with user workstations.

    Azure Key Vault

    TCP

    443

    Required to encrypt backup repositories using cryptographic keys.

    Azure VMs

    Backup appliance

    TCP, AMQP

    443, 5671, 5672

    Required to communicate with Windows-based Azure VMs with enabled guest processing option. For more information, see Performing Backup.

    ServiceBus service

    TCP, AMQP

    443, 5671, 5672

    Azure Storage

    TCP

    443

    Worker instances

    Ubuntu Security Update repository (security.ubuntu.com)

    HTTP

    80

    Required to get OS security updates.

    ServiceBus service

    TCP, AMQP

    443, 5671, 5672

    Required to communicate with Windows-based Azure VMs with enabled guest processing option. For more information, see Performing Backup.

    SQL Servers

    TCP

    1433, 11000-11999

    Required to connect to SQL Servers.

    Note: The usage of the specified TCP ports depends on the networking settings of SQL servers. If the Redirect option is selected, port 1433 is used to establish only the first connection. If the Proxy option is selected, port 1433 is used to establish all connections by default. For more information on networking settings of SQL Servers, see Microsoft Docs.

    Azure SQL Managed Instances

    TCP

    3342

    Required to connect to Azure SQL Managed Instances using public endpoints.

    TCP

    1433, 11000-11999

    Required to connect to Azure SQL Managed Instances using private endpoints.

    Note: The usage of the specified TCP ports depends on the networking settings of SQL servers. If the Redirect option is selected, port 1433 is used to establish only the first connection. If the Proxy option is selected, port 1433 is used to establish all connections by default. For more information on networking settings of SQL Servers, see Microsoft Docs.

    Azure Storage

    TCP

    443

    Required to download worker binary files from Veeam storage accounts.

    ServiceBus service

    Worker instances

    TCP, AMQP

    443, 5671, 5672

    Required to perform image-level backup and restore operations.

    Backup appliance

    TCP, AMQP

    443, 5671, 5672

    Required to communicate with Windows-based Azure VMs with enabled guest processing option. For more information, see Performing Backup.