Ports
To ensure proper communication of components in the Veeam Backup & Replication infrastructure within the AWS environment, you must configure inbound rules for security groups associated with Veeam Backup & Replication infrastructure components. A security group for the EС2 instance is created during the product installation. For more information, see Deploying Veeam Backup & Replication from AWS Marketplace and Deploying Veeam Backup & Replication from AMI.
To learn how to add rules to security groups, see the AWS Documentation.
The following table describes network ports that must be open to ensure proper communication of components in the Veeam Backup & Replication infrastructure.
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Management workstation | Veeam Backup & Replication EC2 Instance | TCP, UDP | 3389 | Required to access the VBR User interface by using the Remote Desktop client from a management workstation. |
Veeam Backup Server | Veeam Agent Computer (Microsoft Windows) on EC2 Instance | TCP | 6184+ | Default port used for communication with the Veeam Agent for Microsoft Windows Service. |
TCP | 135, | Default ports used for communication with the Veeam Installer Service. | ||
TCP | 2500 to 3300 | [For Microsoft SQL logs shipping] Ports used to collect Microsoft SQL logs from the Veeam Agent computer. | ||
TCP | 6167, | [For Microsoft SQL logs shipping] Ports used to collect Microsoft SQL logs from the Veeam Agent computer operating as part of a failover cluster with SQL Server AlwaysOn Availability Groups. | ||
TCP | 6211 | [For storage snapshots support] Port used for communication with the hardware VSS provider. | ||
TCP | 6160, | Port used for the volume-level restore. | ||
Veeam Agent Computer (Linux) on EC2 Instance | TCP | 22 | Default port used as a control channel from the Veeam Backup Server to the Veeam Agent computer. | |
TCP | 6162 | Default port used by the Veeam Data Mover. | ||
TCP | 2500 to 3300 | Default range of ports used for communication between Veeam Agent components during data transmission. For every TCP connection that a backup job uses, one port from this range is assigned. | ||
Veeam Agent Computer (Microsoft Windows) on EC2 Instance | Veeam Backup Server | TCP | 10005 | Default port used by Veeam Agent for Microsoft Windows operating in the managed mode for communication with the Veeam Backup server. |
Veeam Agent Computer (Linux) on EC2 Instance | Veeam Backup Server | TCP | 10006 | Default port used for communication with the Veeam Backup server. |
Veeam Agent Computer on EC2 Instance | Veeam Backup Server (Windows-based) performing the role of a backup repository | TCP | 49152 to 65535 | Dynamic RPC port range. |
TCP | 2500 to 3300 | Default range of ports used as data transmission channels. For every TCP connection that a job uses, one port from this range is assigned. | ||
Veeam Backup & Replication EC2 Instance | Amazon S3 Object Storage | TCP | 443 | Used to communicate with Amazon S3 Object Storage. |
HTTPS | Cloud endpoints:
A complete list of connection endpoints can be found in this Amazon article. | |||
TCP | 80 | Used to verify the certificate status. Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself. | ||
HTTP | Certificate verification endpoints:
| |||
Veeam Backup & Replication EC2 Instance | Veeam Update Notification Server (dev.veeam.com) | HTTPS TCP | 443 | Default port used to download information about available updates from the Veeam Update Notification Server over the Internet. |
Veeam License Update Server (vbr.butler.veeam.com, autolk.veeam.com) | HTTPS TCP | 443 | Default port used for license auto-update. |