Veeam firewall ports windows.

Veeam firewall ports windows I'm not sure, if we ever have tested it with a smaller RPC Port range. By default, port 9392 is used. I have turned on VMWare Tools Quiescence and turned off Veeam VSS and it works fine. I added the affected machine to a new Sophos Policy such that the Windows Firewall would be set to Allow All. Firewall on the Veeam Backup Server; Firewall on the Windows machine itself. 1. Jun 9, 2021 · The idea behind the tool was to make it easier to find all the ports you need for a Veeam solution. 6005 to 65535 Jun 23, 2017 · We have some endpoints in our production environment that are located in separate LAN segments behind a firewall for security purpose. Each runtime component uses the next available port in the range, and only during application item restore. After adding the port range to the ACLs, the cluster was successfully added. So, if you want to test some communication port without install telnet client, you can use PowerShell for it. We want to backup to the B&R environment with VEB over the internet. I know that mount server provides powerNFS for instant restore etc. That is. Nov 7, 2016 · I know the agent handles the Windows firewall rules, but I have to talk to people in three different departments to get firewall rules and ACLs adjusted on all the equipment between the Veeam server and the Windows client, and can't do that when the rules aren't listed. And yes, I agree that it might be useful to also cover this specific scenario in the documentation in order for Veeam administrators to be able to provide Network Teams/Security Teams the actual, narrowed-down, list of ports needed in such scenario. Check Managed Server Configuration. 139. Ports - User Guide for VMware vSphere Sep 2, 2024 · When you add a Microsoft Windows machine to the backup infrastructure, Veeam Backup & Replication deploys Veeam Data Mover on it. These ports show up in our firewall log. Jul 12, 2016 · In most cases, for Veeam Backup & Replication, Veeam Agent for Microsoft Windows, and Veeam Agent for Linux, the relevant traffic will be between servers when data is transferred over the transport ports of 2500-3300 (TCP). TCP: 9401 [Remote console only] Port used by the Veeam Backup & Replication console during Windows file-level recovery. Nov 30, 2023 · By default, port 9393 is used. Install Veeam ONE Web UI and Client; Step 4. My que May 5, 2023 · Veeam ONE Ports; Veeam Agent for Microsoft Windows Ports; Veeam Agent for Linux Ports; Ports 2500-3300 are dedicated to data transport. 443. 6. TCP-Port 443: Für die sichere Kommunikation über Jan 25, 2011 · Veeam Community discussions and solutions for: 12. 1 backup console new firewall port 9420 requirement of Veeam Backup & Replication 12. Note that both ports are required. This KB describes the possible options of enabling the rules. We would like to show you a description here but the site won’t allow us. TCP port 902 (Veeam Data Mover) Additionally, if you're using Veeam Backup & Replication, you may also need to open: 1. You can also use a machine with Veeam Backup & Replication 12 or later that is deployed either along with any of these components, or as an independent solution. x86_64 May 8, 2021 · 6 - Use Windows Firewall with only necessary ports. For example: random ESXi hosts to Veeam Windows proxy/mount servers ports 111 (NFS/portmapper). So when Veeam backs up or restores data, it communicates via various ports between its components, the backed-up servers and the storage systems. thanks, John Mar 23, 2023 · Just to be clear, is connectivity within the 2500-3300 port range possible even outside of Veeam? Just I imagine that if 2500 is being blocked for some reason, then likely other ports in that range are as well. Backup. Obviously if you also have a device between your windows servers such as a physical firewall you will need to also manually open those same ports through it. May 7, 2024 · Try installing SSMS on the SQL Server itself and see if the browser discovers Veeam and then try another server in the network and see if it still appears as that will rule out any firewall/networking on the server itself, even if there are other network issues elsewhere it rules out the SQL Server endpoint being the issue. Sep 7, 2021 · Keep Windows Firewall On and add three new firewall rules. Data between the Veeam Agent for Linux computer and backup repositories is transferred directly, bypassing Veeam backup servers. Jun 23, 2017 · We have some endpoints in our production environment that are located in separate LAN segments behind a firewall for security purpose. If not, the firewall blocks the connection via the ports that Veeam uses for communication. After a Veeam upgrade from 12. msocsp. In order to access the Veeam Ports finder tool please navigate to https://www. By default the Mount Server role is assigned to the repository, but this can be delegated out to any Windows based server at the remote site, which runs under the service ‘Veeam Mount Service’ The VBR Server communicates with the Mount Server over ports TCP 9401 and TCP 6170 by default Feb 16, 2010 · Yes, the correct credentials were supplied. During setup, Veeam Backup & Replication automatically creates a firewall rule for the runtime process. Veeam Backup service port. Mar 1, 2023 · If the firewall is enabled on the NTS server, then incoming ports UDP 123 (NTP) and TCP 4460 (NTS-KE) need to be opened. Jan 4, 2017 · Perry, The firewall rules are created on the Backup & Replication server. You signed out in another tab or window. I have the ports listed under "Windows Server Connections" open from the backup server to the guest interaction proxy. For such setup you would need to keep port 10005 opened as was mentioned in Agent Management guide. James Wilmoth (TitaniumCoder477) faced a similar problem and wrote a PowerShell script to recreate the required firewall rules alongside some May 31, 2023 · Veeam ONE Server; Microsoft SQL Server; Veeam ONE UI; Walkthrough: Deploy and Configure Veeam ONE. 49152 to 65535 (for Microsoft Windows Server 2008 or later) Dynamic RPC range used by the runtime coordination process that is deployed on the target machine. But that's a configuration in the windows OS itself. Note that both ports are required. Sep 14, 2023 · I suspect the windows firewall is enabled and you’ll need to disable it 1st if you’ve not allowed the ports. . TCP: 9396: Port used by the Veeam. core. 0 port 10006 (10002 for older versions of VAL) should be sufficient to establish connection from agent to VBR. el6. TCP Jan 7, 2025 · Port used as a control channel from the Veeam Plug-in server to the target Linux host. They serve as gateways or entry points for data transfer, ensuring smooth operations of Veeam ONE services. 34 using port 6183. We are getting our IP addresses from the dhcp server, let's say that we got an IP 192. Configuring this registry value will cause all new Veeam Agent for Linux deployments for the specified Protection Group(s) (specified by ID#) to use the assigned port for the Veeam Transport Service. 2. The challenge we're facing at the moment is we're unable to block this 9392 connection, creating a dedicated windows firewall rule to block 9392 appears to be ineffective. This allowed Veeam to communicate and backup with the agent. The way to activate it is by reloading the rules from disk May 2, 2025 · Dynamic RPC port range for Microsoft Windows 2008 and later. You switched accounts on another tab or window. Can you ensue that no other application is using 6184? Sep 7, 2017 · Key Location: HKLM\SOFTWARE\Veeam\Veeam Endpoint Backup\ Value Name: EndPoint_Rpc_Transport_Port Value Type: DWORD (32-bit) Value Value Data(Dec): <available_port>* *For the Value data, specify an available idle port. May 23, 2023 · The ports and Firewall Rules below must be configured at the Windows Server machine to allow the remote connection from Veeam ONE: Veeam B&R Veeam B&R Server machine; Veeam Backup Proxy machines; Veeam Backup Repository machines (Windows-based) Veeam Backup WAN Accelerator machines (Windows-based) + other Windows-based remote servers; VMware May 28, 2022 · I configured a public IP through my firewall for the Veeam server but it's inside the firewall. Summary. Jul 15, 2020 · If StoreOnce Catalyst operations pass through a firewall, the network administrator must open (TCP) ports 9387 (Command protocol) and 9388 (Data protocol). Ports play a vital role in facilitating communication between different components of Veeam ONE. 111, 2049. I realize I'm being lazy here, just wondering if someone has already done the work of figuring out the ports etc. Jul 30, 2018 · Sometimes it is impossible to enable the necessary Firewall rules required by Veeam ONE using Windows Firewall UI. Initially I copied the automatically generated Veeam firewall rules on Proxys/Repo/Mount/B+R etc into group policies and this worked fine. Default port used by Veeam Agent for Microsoft Windows operating in the standalone mode for communication with the Veeam Backup server. 0 to 12. Oct 3, 2024 · Veeam Backup for Proxmox VE automatically creates firewall rules for the ports required to allow communication between the Proxmox VE server, workers and the backup server. Feb 18, 2020 · Re: Veeam proxy firewall ports Post by foggy » Fri Oct 02, 2020 9:59 pm this post Hi Kevin, these ports should be open in both directions, and please also consider the requirements for backup proxy and backup repository ports. I find it an acceptable workaround to have a fast solution. 4 days ago · On backup infrastructure components, Veeam Backup & Replication automatically creates firewall rules for the required ports on Windows-based machines. Dec 28, 2014 · great integration with Veeam B&R now, regarding VEB repositories. I think the reason for this is I have never been able to find documented firewall rules for deploying workstation Veeam agents, only for running them. Those ports will only be associated with a VeeamAgent process when data is actively being transferred. In addition to it, the Veeam Backup & Replication console uses this service port to connect to the backup server. Jul 18, 2024 · Which specific veeam PORT and/or PORTS can be manually enabled in the win fwl to avoid just the popular “turning off windows firewall”? Check here as there is a Port Finder tool from Veeam that will help with this - Ports Finder | Veeam Backup & Replication Best Practice Guide Dec 30, 2011 · Even with or without Windows 2012 R2 firewall turned or off, the VEEAM server fails to add the hyperV in another IP block. This port is used by Veeam Backup Enterprise Manager to collect data from backup servers. Key Location: HKLM\SOFTWARE\Veeam\Veeam Backup and Replication Apr 11, 2025 · Default command port used for communication with Lenovo ThinkSystem DM/DG Series over HTTP. Dec 21, 2010 · Veeam installation adds rules to windows firewall to allow incoming connections to proxy and agents. Configure Connection to SSRS Server; Step 5. TCP, UDP. A firewall (pfsense) is between the subnets, set to block any traffic between them. Veeam Explorers can be installed on a machine hosting Veeam Backup for Microsoft 365 8 or the Veeam Backup for Microsoft 365 Console component. You can find the lists of the ports in the following sections of the Veeam Backup & Replication User Guide: Oct 6, 2016 · When the Guest Interaction Proxy connects to a Windows 2012 R2 VM (client) to run VSS for application aware backups there is a file uploaded being renamed to C:\WINDOWS\VeeamVssSupport\VeeamGuestHelper. For example this command would set the proxy for all protocols to use proxy. Dec 9, 2021 · Somehow he managed to reset the Windows firewall back to default which wiped all custom rules including the Veeam ones. Jul 18, 2024 · Hyper V environment-Active Directory/Domain Veeam 12 is on VM1 on my domain pc Backup repository is a VM2 on a hyper v host1 We have a firewall doing what firewalls do etc VM1 successfully added **VM2(**veeam backup repository) The problem: Tried adding a windows server VM3 to VM1(located on hyper v host2) - I get the network path & credentials Oct 13, 2022 · hi there, the last couple weeks i face a weird issue which i will describe below. Feb 12, 2025 · Now what I usually do is that I have a job that backups up the Windows machine to My windows repo then another job that takes a backup copy from my repo to my local DC. Port 111 is used by the port mapper service. Reload to refresh your session. You can find the lists of the ports in the following sections of the Veeam Backup & Replication User Guide: Jun 15, 2024 · The help center article you have shared talks about "automatically opens ports used by the Veeam Data Mover". Note: If you use default Microsoft Windows firewall settings, you do not need to configure dynamic RPC ports. I did modify the server to my other credentials and it still works. When we start a job session, for each task we start VeeamAgent process. TCP port 9392 (Veeam Backup & Replication) Oct 31, 2022 · Before enabling the Windows Server firewall on all of my Veeam Backup servers, what are the ports or the rule I must manually add under: Code: Select all Control Panel\System and Security\Windows Defender Firewall\Allowed apps Per the documentation you linked, (at the top) veeam should automatically add all required ports in windows firewall. Only the 111 is mentionned. 135, 137 to 139, 445. 10001. We have already had a fight with the required firewall ports not being complete on the guide (you have to read a combinations of about 4 different port lists to cover everything). In this section, you can also find diagrams illustrating the interaction between Veeam Cloud Connect components and used ports in following scenarios: Feb 19, 2025 · Each runtime component uses the next available port in the range, and only during application item restore. 169. 34 Veeam agent then tries to connect 127. Traffic that flows from the backup server to my isolated systems. UDP and TCP port 135, 137, 138, 139 and 445 ? Dec 19, 2024 · Default port used for communication with Veeam Plug-in. My configuration was looking like this: domain controller wi01: firewall currently switched off (I know it's bad) veeam-Server outbound traffic is allowed Mar 23, 2015 · In the Veeam ports list the 1058 is only required from Backup server to Windows server using vpower services (that rule is ok for me) but can't find that from ESXi to Windows server using vpower services that the 1058 is required. Source Windows machine with Microsoft Exchange. Here's the "veeam" zone without the IPs ( 6160/tcp 6162/tcp 2501/tcp 2504/tcp were added dynamically by the Veeam services ): Jan 20, 2020 · Note: Replace <proxy> and <port> in quotes with the actual proxy server's hostname or IP and the port it uses. The idea was: let's block everything, and fix what gets broken by opening only what's required. Keep the firewall on for all domains (public, private and if applicable domain). 6160, 11731 May 11, 2017 · The VAW documentation describes the TCP/IP ports used by VAW when sending the backup to a Veeam repository. To access the backup repository (Windows server) we need to open a lot of ports (RPC port range, etc. Sep 21, 2023 · While port 445 is the port directly associated with the ADMIN$ share connectivity issue, other ports must be accessible to ensure the full functionality of Veeam Agent for Microsoft Windows. TCP UDP. 2500 to 2600. The default range of transmission channel ports is available in the Used Ports section of the user guide. TCP port 135 (RPC) 2. 04 and I would like to know how do you configure firewall on this system to allow only required port please ? If my research are correct, I could see I need only 22 + 6160 + 6162 port open and Veeam open the others when neededI think I understand the commands are differents Oct 13, 2015 · I'm trying to understand the behavior, because my expectation is that specifying the "veeam" zone in the files above it should limit where Veeam opens ports. My dad and I both have Windows-based plex servers, and we want to back up our servers, onto each others' servers onto spare hard drives we have. Apr 7, 2015 · A few times now, I have run into a situation where I want to reset the Windows firewall to default to try and eliminate a symptom, but I am loath to do that because I would have to recreate all the Veeam firewall rules. internal) through the ports TCP 80 and UDP 53, 123; Allow access to Ubuntu repositories that provide updates for the backup appliance. the actual veeamagent. Veeam Backup Agent computer (Windows) TCP. Ports used as a management channel from the Veeam Plug-in server to the Repository/Gateway server. Default port used by Veeam Agent for Microsoft Windows operating in the managed mode for communication with the Veeam Backup server. Oct 23, 2024 · Ports used by the Veeam Backup & Replication console to communicate with the backup server. It’s easy to prevent network time attacks against Veeam Hardened Repository. 9194. If an environment was upgraded from a version of Veeam Backup & Replication before 10, all existing components that were managed before the upgrade will continue to use 2500-5000. Backup proxy. By default, this port is 6180, but the service provider may customize this if customers have strict egress firewall rules. But even if port forwarding is done, I would need to list target systems. This port is used by the Sep 9, 2024 · I will start at the beginning. 9401 [Remote console only] Port used by the Veeam Backup & Replication console during Windows file-level recovery. i have Veeam B&R installed on a physical domain joined server 2012 r2. The default settings of common NTP clients prevent attacks against an up-and-running Hardened Repository server. The port is not listed as needed. Jan 10, 2025 · Default port used by the Veeam Guest Catalog service for catalog replication. Dec 16, 2024 · Note: Microsoft Exchange (in particular, Client Access) expands standard Windows dynamic RPC port range to provide better scalability. Step 1. If port 6184 is already in use, Veeam Plug-in Service tries to use the next port number in the allocated range (6184 to 6194). Jul 19, 2016 · I am currently working on the firewall settings and yesterday I tried to create the rules I need for an active directory object restore. These rules allow communication between the components. If you are using a third-party firewall, these rules must be created manually. Here’s the latest result of Test-NetConnection from a physical endpoint with the agent successfully installed. Commonly Used Ports Veeam ONE Server and Web UI Apr 7, 2024 · Here’s all of the automatically installed Windows Defender Advanced Firewall inbound rules created when Veeam is installed, plus a specific inbound for port 10005. Standard NFS ports. Secure connections port. Feb 26, 2025 · To learn about ports required to enable proper work of Veeam Agent for Microsoft Windows managed by Veeam Backup & Replication, see the Ports section in the Veeam Agent Management Guide. This tries to open the Windows firewall for the application. 14 Veeam is able to connect to bucket For me it's quite clear that this IP is used somewhere in Veeam and I've no idea why Veeam is not connecting this IP when using AWS S3 buckets. 135, 137 to 139, 6160, 11731. Now I am trying to do a file level restore directly from my repo to my VBR I reaad the documentation and opened the below ports: 135, 137-139, 445, 6170 Apr 10, 2023 · The Role of Ports in Veeam ONE. Best regards Jean-Philippe May 5, 2024 · Veeam Community discussions and solutions for: Ports for application aware processing of Microsoft Hyper-V Mar 24, 2025 · Make sure to open port on the Veeam Backup for Microsoft 365 server. For more information on the Veeam SQL Restore Service runtime component, see How Data Recovery Works. It looks more like a VEEAM issue than a Windows 2012 R2 issue. Sep 4, 2024 · On backup infrastructure components, Veeam Backup & Replication automatically creates firewall rules for the required ports. Workers. Jul 14, 2014 · I have a Windows Server 2012R2/vSphere environment and configure Windows Firewall via group policy to secure our internal network. Just open the necessary ports needed for Veeam to communicate with the necessary Apr 7, 2013 · So we're trying to restrict Veeam Console access by blocking port 9392 (Veeam Console port) to the VBR server from all sources except for the management server IP address. Is this technically possible and supported with VEB ? Big question, what ports should be forwarded / opened between laptop <> Internet <> B&R server (suppose all Veeam components are installed on the B&R server) ? Aug 16, 2024 · Default range of ports for the runtime component installed on the target or staging Oracle server to support restore operations. Mar 20, 2025 · To make sure that Veeam ONE can collect data using WMI, the account under which you connect Microsoft Windows machines must have permissions to remotely access WMI. TCP Apr 10, 2015 · The most annoying circumstance is Veeam Backup & Replication server 9. Configure the DNS entry of the vCenter for local IP address usage. That said, in case VM is not available on the network, FLR via VIX is performed, so in fact direct connection to it is not required. UDP. ocsp. Feb 29, 2012 · Veeam Community discussions and solutions for: Firewall ports and Endpoint Backup of Veeam Agent for Microsoft Windows Hier beispielhaft einige der wichtigsten Ports: Veeam Backup & Replication: TCP-Port 10001 bis 10300: Diese Ports werden für die Kommunikation zwischen dem Veeam-Backup-Server und den Proxy-Servern sowie den Repositories verwendet. In the case of this solution of changing the ports in Veeam, could you tell me exactly which ports and which registry keys need to be changed? Thanks in advance Dec 13, 2024 · Hello,I’m using Ubuntu 24. Make sure to open this port on the Veeam Backup for Microsoft 365 server. Veeam B&R creates Windows firewall rules for it's components when they're installed - it would be very nice if Veeam for M365 would do the same! Backup server is a Windows 7 machine, destination proxy another Windows 7 machine. 1536 does not recognize PasswordAuthentification on the target system is not allowed but prints out a very confusing message instead: "Host rescan is required" when waiting for rescan job and unable to process the backup. Can be customized during Veeam Backup & Replication installation. 1. 128. Jan 11, 2019 · Please advise how to configure the Windows Firewall to permit SQL database restores to a SQL server. Configure Data Retention; Security Guidelines. ). 10005. Data between the Veeam Agent computer and backup repositories is transferred directly, bypassing Veeam backup servers. Jan 25, 2024 · For every TCP connection that a backup job uses, one port from this range is assigned. Veeam Data Mover includes the components responsible for deployment of non-persistent runtime components or persistent agent components during guest OS interaction. 1 backup console new firewall port 9420 requirement - R&D Forums R&D Forums May 3, 2017 · I'm backing up windows VM's from a customers network that is hosted on our private cloud platform to our Veeam platform and have a locked down rule on our Veeam platform firewall that only allows 10001 and 2500-5000 through, this allows the Veeam agent to backup to our platform without any problems at all, the problem with the 2500-5000 range You signed in with another tab or window. Jul 28, 2022 · I can't deploy Veeam agents to our workstations remotely as the deployments are blocked by workstation Windows Firewall. From a command prompt run the Mar 26, 2015 · You just have to open your firewall from your Veeam server to two hosts: 1. Jun 6, 2024 · Veeam Community discussions and solutions for: Firewall ports unblocking of Veeam Agent for Microsoft Windows 4 days ago · Ports used by the Veeam Backup & Replication console to communicate with the backup server. google. Apr 2, 2025 · To learn what ports are required for other Veeam Backup & Replication components in the Veeam Cloud Connect infrastructure, see the Ports section in the Veeam Backup & Replication User Guide. Port required for remote network discovery of computers in the client infrastructure. Microsoft Windows server used as a backup repository or gateway server. It doesn’t provide mapping for specific hosts or any of the advanced feature that the Veeam Ports Tool provides. Port used to communicate with the Aug 22, 2014 · Review the firewalls present in the environment to ensure accommodations have been made for the ports used by Veeam Backup & Replication. Ensure all firewalls involved have been configured according to the Required Ports for Management of Veeam Agent for Microsoft Windows deployments. Veeam regularly throws warnings and errors that Veeam can't connect to certain Windows VMs for guest processing and guest runtime injection over the network. These connections are coming from Veeam rather than some kind of port scan or something - The connections are coming from the Veeam server (as evidenced by firewall logs showing me the source IP) and further proven by the fact that if I manually initiate a backup, these random ports are hit during the backup process (before any data is Nov 23, 2021 · Disabling the windows firewall for a short moment will make sure, that veeam can be installed. Mar 13, 2024 · A firewall in the environment is blocking traffic between the machine where Veeam Agent for Microsoft Windows is installed and the Veeam Backup Server. The 6184 port in the question is used locally for Veeam agent components communication. May 2, 2025 · Ports used locally on the Veeam Agent computer for communication between Veeam Agent components and Veeam Agent for Microsoft Windows Service. net <-- The URL of your blob storage in Azure. Install Veeam ONE Server; Step 3. Apr 3, 2025 · Default port used to download Veeam Agent for Microsoft Windows setup file from the Veeam Installation Server. Veeam Agent computer. 2500 to 3300. 445. exe that is executing is not one of the ones that had been added to the firewall rules during the installation/upgrade process Nov 22, 2018 · The problem I have now with the centralized approach is that there are multiple ports needed to stay in touch with my remote systems. 254 (metadata. The Windows firewall is not the strongest solution as a firewall, but's build-in, it's available, therefore use it as it should. Within the Veeam console, click Backup Infrastructure May 20, 2016 · Remote Office – with V9 Veeam Mount Server . Veeam will create the firewall rules allowing you to re-enable the firewall after readding it back in. Therefore, for the connection vCenter --> ESXi(s) port 443,902 (TCP) is required For clarification, here is the port list. blob. Firewall Rules Nov 25, 2019 · I manage a number of Windows VMs and Veeam. So theoretically, you shouldn’t need to manipulate your Windows f/w. Feb 2, 2017 · I was wondering if anyone else has already run into this and created a solution - like a GPO that allows the veeam proxies access through the windows firewall. We use Veeam Agent for Windows to backup those clients. Use the sintax below: Test-NetConnection -ComputerName <IP> -Port <port> May 19, 2022 · Veeam Backup Server. Currently it only has VMware and Hyper-V ports; however, that will be changing soon and will have: VMware; Hyper-V; AHV; Enterprise Jan 24, 2012 · Hello Fabian, thanks a lot for your reply - straight to the point! That is exactly the answer I was looking for. Lenovo ThinkSystem DM/DG Series storage system. Thanks Aug 23, 2011 · When Veeam Backup & Replication connects to a VM, it creates firewall exclusions for the ports and processes it uses. Veeam Data Mover ports are Port 2500 to 3300. veeambp. Which ports must be opened on the firewall to allow access from my Veeam Backup server/software to a NAS device on the DR site ? The Veeam backup will be configured to make the normal backups on a local available NAS and do a copy of it to the DR site for. 111. 111:8080" netsh winhttp set proxy proxy-server="proxy. TCP Port 443 needs to be opened from all Veeam Backup and VMware Backup Proxy servers as a Source with the vCenter internal IP as a target. Default range of ports used for communication between Veeam Agent for Linux components during data transmission. Apr 25, 2017 · Ports 2500-5000 have an IPTABLES rule to allow forward traffic between devices, as well as a rule for 10002 for the backup agent. As far as I know I have two options to fix this. windows. After doing a little research, I stumbled across a post on the Veeam R&D forum. Jan 14, 2014 · Hi Mike, thanks for your fast reply. Adding server public IP and hostname to Windows host file. Dec 14, 2017 · NSX-t allows VMC customers to directly access the management network over the built-in firewall. You can adjust the allowed port range for the dynamic TCP Ports. 14 port 80 - with fw rule access rule for 151. Feb 24, 2010 · One of the steps was moving the Veeam B&R server and vSphere hosts to a different subnet, to separate them from the business network. Required to manage inbound/outbound traffic when interacting with Veeam Explorer for Microsoft Exchange. May 11, 2021 · To do that, create firewall rules to connect to the address 169. The Dynamic RPC ports assigned to the temporary guest agents are the most common ports that cause this issue when Apr 21, 2015 · I have read several guides and we are still struggling to get this set up. Veeam Agent Computer (Microsoft Windows) on EC2 Instance. Default ports Nov 28, 2011 · If you have a stateful firewall (read: any firewall other than "dumb" network switch ACLs), these would not typically need to be opened explicitly - the firewall would automatically maintain a state table and dynamically open and close these return ports as needed. For this communication to function smoothly, certain ports must be enabled in the firewall. Turning the firewall OFF allows the restore to proceed, but my preference is either: For the Veeam software to open the firewall ports it needs by itself, just like it says in the manual. Port used by the Veeam. Dec 3, 2018 · So starting from a client with newly installed Windows Server 2019, with default Windows firewall configuration and a VEEAM server with Windows Server 2016 (veeam has installed the Guest Interaction Proxy on this server by default), I have to create a client rule for open traffic coming from the 2016 server on ports: 135, 137, 139, 445 (6190, 6290 are not necessary). This one you can get from the Azure management portal. Default command port used for communication with Lenovo ThinkSystem DM/DG Series over HTTPS. 1 -> 192. With Linux OS, you may need to. 5. TCP Apr 23, 2019 · Yes in this case it is Hyper-V, though I assume the ports would be the same regardless. com and select ‘Ports List Finder’. Pre-create Veeam ONE Database (Optional) Step 2. Nov 7, 2012 · If I understand you right, it will be a repository server rather than a proxy server. Strange behaviour, but I hope it stays working :) Sep 9, 2024 · There's a couple of new ports on the main App server that the Proxy needs to be able to connect to: NATS on port 4222 and PostgreSQL on port 5432. I figured out that often the firewall is the issue. TCP Jul 26, 2018 · Windows agent has a port failover logic, so if during Veeam Agent Service start the needed port is occupied by any other process, agent service will start to use next port it the list. Nov 24, 2022 · However: I did remove the Windows Server, re-added, but with the domain\administrator credentials and let it install all components. Veeam then will setup the correct ports in the windows firewall for you. Setup: Linux Agent: Centos 6 2. Jul 29, 2024 · To enable Veeam backups for your Windows servers, you'll need to open the following ports in your Windows Firewall: 1. tcp/139,l tcp/445, dynamic ports in the 50k range, ports in the 60k range, etc. 0. Jul 26, 2018 · Noted, in order to use agent managed by backup server you should create protection group for the desired scope of machines and deploy agents via Veeam B&R server. We use AAIP for all Windows servers. New veeam user here, haven't spent any money yet but happy to shell out $100-300 for a lifetime license (if those exist) if veeam can do what I want in its paid versions. Sep 6, 2022 · However, by default telnet client is not installed during Windows Server and the Veeam Backup Server often is our principal component our backup infrastructure. The previous person in the job had allowed the firewall traffic through with no restrictions and this issue happened when I tightened up the firewall rules. TCP. The following table describes network ports that must be open to ensure proper communication of workers with other backup infrastructure components. exe. tld (192. I'm reading some other stuff here but I don't really like the idea of such a long range of ports open. For more information, see this Microsoft article. The first VeeamAgent process will start with Port 2500, the second will use Port 2501, 5 days ago · Default ports used for communication with the Veeam backup server. If port 9395 or 6183 is already in use, Veeam Agent for Microsoft Windows Service will try to use the next port number. Veeam Backup & Replication, however, cannot add firewall exclusions to hardware or third-party software firewalls. Keep Windows Firewall On and manual install the Veeam Installer Service (VeeamDeploySvc) Switch Windows Firewall Off and enable File and Printer Sharing during the first install; Option 1 – Keep the Windows Firewall On and add three new firewall rules. The host discovery runs directly against the ESXi hosts, not via the VC. Ports used by the Veeam Guest Catalog service for replicating catalog data. Port used to communicate with the Jul 20, 2021 · - without fw rule for 151. #1 Global Leader in Data Resilience Nov 21, 2014 · I must do that also, but the main problem is, that our firewall software doesnt have an option to use workstations own ip address. Firewall in the network (if the traffic is crossing them). Happy if you can provide some help. Veeam Backup Server. Veeam Explorer for Microsoft Exchange. up to now i was able to add all other servers in the infrastructure (one more physical server 2012 r2, some VM servers 2012 r2 and a Azure file server 2019) without any issue. com <-- This one is needed for checking the SSL certificate of the Azure site. UIService process for managing database connections. Also, the ports are used to deploy Veeam components. Sep 5, 2011 · Your Agents only require access to their primary backup repository. 2 all communication with the remote agent in question stopped. During setup, Veeam ONE automatically creates a firewall rule for the runtime process. While the cloud gateway has to talk with the managing Veeam Backup & Replication server over TCP ports 6168 and 6160, it has to be reached only with the single TCP/UDP port used by the service over the internet. General Security Jan 16, 2015 · Prabhash, please review the full list of ports required for Veeam B&R components. Opening these ports allows the StoreOnce Catalyst traffic to pass to and from the StoreOnce Systems. Note: You must manually open this port range in Microsoft Windows Firewall. If that's the backup server, then you have to open this ports. Aug 15, 2024 · Ports used to deploy the runtime coordination process on the target machine. Start the Veeam Agent for Microsoft Windows service after putting the registry value in place. Next step would be to configure backup job (which in you case can be managed by agent). Dec 4, 2024 · Dynamic RPC port range for Microsoft Windows 2008 and later. log and the syslogs and there are no entries there. 111) port 8080: netsh winhttp set proxy proxy-server="192. 9396. Port 443 must be open on the machine that runs the master management agent. Jun 24, 2019 · Good day Kindly assist me. But after having a look at Microsofts list, I completely understand why you would not like to include this list in a statical user guide. There are several physical servers, including SQL Server, which is also a cluster. Directing 1024/65535 worked, but this is a hell of a long range of ports. 6160. Directing only 49152/65535 didn't work. 49152 to 65535 (for Microsoft Windows Server 2012 and later) Dynamic RPC port range. Not sure what firewall you have, but nearly every NGFW will allow you to view traffic analysis from point to point. Backup server, guest interaction proxy (Enterprise and Enterprise Plus editions) TCP. Ubuntu repositories are almost entirely defined by FQDNs that do not have static addresses behind them. Depending on the repository type, you should open the ports for communication with the source proxy and also those required for communication with Windows or Linux server, depending on the platform used. Version 7 release notes do not instruct the end-user to manually adjust windows firewall rules 3. Not even a "DROP" or "ACCEPT" message from the said IP address of the VEEAM. It is a massive attack surface available :/ May 17, 2017 · According to the support case notes, it turned out to be the open ports issue: Veeam B&R server was trying to communicate with the cluster on the dynamic port range and the firewall was dropping the connection. TCP port 445 (SMB/CIFS) 3. 14 Veeam is failing to add the bucket VeeamAgent connects to 151. Jul 6, 2023 · What are the ports and the protocol used by the Veeam backup server v12? I wanted to turn on my firewall, but don't want to cause the backup, replication or restore process to fail. They will be Aug 8, 2017 · For VAL 2. domain. I openened port 6162 as well, because firewall was blocking it. For details on on administrator permissions for connecting Veeam Backup & Replication and Veeam Backup Enterprise Manager see Connection to Veeam Backup & Replication Servers. Target machine with Microsoft SQL Server, staging server Sep 4, 2024 · On backup infrastructure components, Veeam Backup & Replication automatically creates firewall rules for the required ports. Feb 24, 2024 · I'm just starting to get involved with Veeam Backup & Replication and I'm facing a situation like the one described in this post, including the same third-party software (Qualys). Open Aug 14, 2012 · Veeam Community discussions and solutions for: Ports needed for NAS SMB Backup of File Shares and Object Storage Aug 13, 2019 · The new port range only applies to newly deployed components after Veeam Backup & Replication 10 is installed. What is the Ports List Finder? The tool brings together all the required ports from all the various Veeam Help Center pages into a single location. For more information, see this Microsoft KB article. Veeam Backup for Microsoft 365 server. I will turn Veeam VSS back on when we go to v5. Dec 20, 2015 · We are currently implementing new firewall rules and I'm seeing connections that I can not see in Veeam's used ports documentation. I looked at the pfirewall. that's the traffic I see on my firewall pass by. tld:8080" Jun 17, 2024 · The following information of Veeam Kasten for Kubernetes services and network ports associated with them will help with port mapping and rules in a firewall VM environment or service mesh configuration. You can simply create an ANY/ANY rule to allow all traffic, perform some tasks in VBR, then monitor what ports you see traffic flowing to/from and create rules based off of that. 168. 6005 to 65535 Dec 5, 2023 · Protection Group-Specifc Custom Transport Service Port. If the required ports are already allowed on VBR Windows firewall but the connection does not get through please keep working with support team. After the installation, windows firewall will be activated again by the administrator. It uses 10001/tcp to talk to the Veeam server and a port in the range 2500/tcp to 5000/tcp to transfer data to an Windows repository. 2. You can always just have a look at windows firewall to verify. I recommend open a support case and exporting for one of the affected jobs and let Veeam Support review the situation. Jan 7, 2025 · Port used as a control channel from the Veeam Plug-in server to the target Linux host. Feb 20, 2024 · And, when you install Veeam and its components (Proxies, Repos, etc), the installer already creates needed Windows f/w rules on the servers, as you can see from the Ports page in the Guide (see below): Veeam Ports. Once the service takes the next available port, it makes it the default port for all subsequent connections. 254. Jun 21, 2023 · # firewall-cmd --permanent --zone=veeamonly --add-port=6162/tcp --permanent Ok now we have made the zone but we have not activated it yet. I am not sure if that counts also when you deploy the components to the Hyper-V host. This could be a security issue. Nov 19, 2024 · The Veeam VBR server not only needs to talk to the vCenter, it also needs to talk to the ESXi servers. TCP/UDP-Port 135: Wird für die RPC-Kommunikation benötigt. Feb 19, 2024 · hi veeam communityI want to turn on the firewall of the backup server and configure the firewallI have veeam backup and enterprise manager on my serverThe servers that are backed up are mostly on hyper-v cluster. xxx. 32-642. gplwuu ulylt jlndteef ubcy zipep kbdmuzh lbii mlffxxrs fbcemc nrifyrl amhtxu qnhtkoou qtpw cvez wuussv