Ports
Veeam Backup for OLVM and RHV automatically creates firewall rules for the ports required to allow communication between the backup appliance, workers and the backup server.
Backup Appliance
The following table describes network ports that must be open to ensure proper communication of the backup appliance with other backup infrastructure components.
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Backup appliance | Backup server | TCP | 10006 | Used to communicate with the Veeam Backup & Replication server. |
oVirt KVM Manager | TCP/HTTPS | 443 | Used to communicate with the REST API service running on the oVirt KVM Manager. | |
oVirt KVM Manager | TCP | 54323 | Used to communicate with oVirt KVM Manager (hosted engine). | |
oVirt KVM host | TCP/HTTPS | 443 | Used to communicate with the REST API service running on an KVM host. | |
oVirt KVM host | TCP | 54322 | Used to communicate with oVirt KVM hosts. | |
Workers | TCP | 19000 | Used to communicate with workers. | |
Veeam backup repository or gateway server | TCP | 2500-3300 | Default range of ports used as transmission channels for jobs and restore sessions. For each TCP connection that a job uses, one port from this range is assigned. | |
Mail server | SMTP | 25 | Used to send email notifications. The port number can be changed. | |
Rocky Linux repositories (mirrors.rockylinux.org, mirrors.fedoraproject.org) | TCP/HTTP(S) | 80 (443) | Used to get OS security updates, .NET Core updates | |
Veeam Update Repository (repository.veeam.com) | TCP/HTTPS | 443 | Required to download available product updates, worker deployment packages and restore utilities. Note: Veeam Update Repository uses the Amazon CloudFront service to distribute traffic when downloading product updates. | |
Nginx repository (nginx.org/packages/, nginx.org/packages/keys/) | TCP/HTTPS | 443 | Used to download Nginx packages required for backup appliance updates. |
Workers
The following table describes network ports that must be open to ensure proper communication of workers with other backup infrastructure components.
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Worker | Backup server | TCP | 10006 | Used to communicate with the Veeam Backup & Replication server. |
oVirt KVM Manager | TCP/HTTPS | 443 | Used to communicate with the REST API service running on the oVirt KVM Manager. | |
oVirt KVM Manager | TCP | 54323 | Used to communicate with oVirt KVM Manager (hosted engine). | |
oVirt KVM host | TCP/HTTPS | 443 | Used to communicate with the REST API service running on an oVirt KVM host. | |
oVirt KVM host | TCP | 54322 | Used to communicate with oVirt KVM hosts. | |
Backup appliance | TCP | 19001 | Used to communicate with the backup appliance. | |
Veeam backup repository or gateway server | TCP | 2500-3300 | Default range of ports used as transmission channels for jobs and restore sessions. For each TCP connection that a job uses, one port from this range is assigned. | |
Rocky Linux repositories (mirrors.rockylinux.org, mirrors.fedoraproject.org) | TCP/HTTP(S) | 80 (443) | Used to get OS security updates, .NET Core updates | |
Veeam Update Repository (repository.veeam.com, cloudfront.net) | TCP/HTTPS | 443 | Used to download worker update packages. | |
Nginx repository (nginx.org/packages/, nginx.org/packages/keys/) | TCP/HTTPS | 443 | Used to download Nginx packages required for worker updates. |
Backup Server
The following table describes network ports that must be open to ensure proper communication of the backup server with other backup infrastructure components.
From | To | Protocol | Port | Notes |
|---|---|---|---|---|
Backup appliance, Veeam Backup & Replication console | Backup server | TCP/HTTPS | 8544 | Used to communicate with the Platform Service REST API.
|
Backup server | FLR helper appliance | TCP | 22 | Used to connect to the helper appliance during file-level restore. |
Backup server | TCP/HTTPS | 6172 | Used by the Platform Service to enable communication with the Veeam Backup & Replication database. | |
oVirt KVM Manager | TCP/HTTPS | 443 | Used to communicate with the REST API service running on the oVirt KVM Manager. | |
oVirt KVM Manager | TCP | 54323 | Used to communicate with the oVirt KVM Manager (hosted engine). | |
oVirt KVM host | TCP | 54322 | Used to communicate with oVirt KVM hosts. | |
Backup appliance | TCP/HTTPS | 443 | Used by the Platform Service to connect to the backup appliance. |
Note |
For the list of ports used by the backup server to communicate with backup repositories, see the Veeam Backup & Replication User Guide, section Used Ports. |