Veeam Backup & Replication 12
Veeam Backup Enterprise Manager Guide
Related documents
Search

Ports

This section covers typical Veeam Backup Enterprise Manager connections and default ports required for communication between Enterprise Manager components. The ports must be open on the target machine for inbound connections.

 

Note

For more information on ports specific for Veeam Backup & Replication infrastructure components, see the Ports section of the Veeam Backup & Replication User Guide.

Veeam Backup Enterprise Manager Connections

The following ports must be opened to ensure proper operation of Veeam Backup Enterprise Manager and communication between components.

From

To

Protocol

Port

Notes

Veeam Backup Enterprise Manager server

Backup server

TCP

9405

Default certificate port used by Enterprise Manager for collecting data from backup servers that have Veeam Backup & Replication 12 or later installed.

You can customize the port when you add a backup server. For more information, see Adding Backup Servers.

9392

Default port required for initial connection to a backup server (no matter what version it has).

The port is also used by Enterprise Manager for collecting data from backup servers that have Veeam Backup & Replication 11a or earlier installed.

You can customize the port when you add a backup server. For more information, see Adding Backup Servers.

9393

Default port used by the Veeam Guest Catalog service for catalog replication. Can be customized during Veeam Backup & Replication installation.

2500 to 2600

Ports used by the Veeam Guest Catalog service for replicating catalog data.

49152 to 65535 (for Microsoft Windows Server 2012 and later)

Dynamic RPC port range. For more information, see this Microsoft KB article.

PostgreSQL hosting the Enterprise Manager configuration database

TCP

5432

Default port used for communication with PostgreSQL hosting the Enterprise Manager configuration database.

Microsoft SQL Server hosting the Enterprise Manager configuration database

TCP

1433

Default port used for communication with Microsoft SQL Server hosting the Enterprise Manager configuration database.

Additional ports may be needed depending on your configuration. For more information, see the Microsoft SQL Docs Configure the Windows Firewall to Allow SQL Server Access article.

VMware vCenter Server

TCP

443

Default port used for connection to a vCenter Server and deploying the Veeam Plug-in for vSphere Client. Can be customized during Enterprise Manager installation. For more information, see Specify Service Ports.

DNS server with forward/reverse name resolution of all backup servers

UDP

53

Port used for communication with the DNS Server.

Active Directory domain controller

TCP, UDP

389

Port used by Enterprise Manager service to communicate with Active Directory over the LDAP protocol.

TCP

636

Port used by Enterprise Manager service to communicate with Active Directory over the LDAPS (LDAP over TLS/SSL) protocol.

TCP

3268

Port used by Enterprise Manager service to communicate with LDAP Global Catalog.

TCP

3269

Port used by Enterprise Manager service to communicate with LDAP Global Catalog over TLS/SSL.

TCP

49152 to 65535 (for Microsoft Windows 2008 and later)

Ports used by Enterprise Manager service to communicate with Active Directory. These ports are also used during restore through Veeam Self-Service File Restore Portal. This is a default dynamic port range. For more information, see Microsoft Support KB 832017.

Veeam License Update Server

TCP

443

Default port used to automatically update license from the Veeam License Update Server over HTTPS.

Veeam License Update Server endpoints:

  • vbr.butler.veeam.com
  • autolk.veeam.com

80

Required for certificate validation when Enterprise Manager connects to Veeam License Update Server to check if the new license is available and download it.

Certificate verification endpoints:

  • *.ss2.us
  • *.amazontrust.com

Consider that certificate verification endpoints (CRL URLs and OCSP servers) are subject to change. The actual list of addresses can be found in the certificate itself.

Veeam Backup Enterprise Manager
website (IIS extension)

Veeam Backup Enterprise Manager service

TCP

9394

Default port used by IIS extension to communicate with Veeam Backup Enterprise Manager. Can be customized during Veeam Backup Enterprise Manager installation. For more information, see Specify Service Ports.

Veeam Cloud Connect Portal
website (IIS extension)

Veeam Backup Enterprise Manager service

TCP

9397

Default port used by IIS extension to communicate with Veeam Backup Enterprise Manager. This port value is built-in and cannot be customized during installation.

Browser

Veeam Backup Enterprise Manager website (IIS extension)

HTTP

9080

Default ports used to communicate with the website. Can be customized during Veeam Backup Enterprise Manager installation. For more information, see Specify Service Ports.

When you work with Veeam Self-Service Backup Portal (accessed by the portal URL or from the native VMware Cloud Director environment) and vSphere Self-Service Backup Portal, your browser also communicates with the Veeam Backup Enterprise Manager website over this port.

HTTPS

9443

Veeam Cloud Connect Portal website (IIS extension)

HTTPS

6443

Default ports used to communicate with the website. Can be customized during Veeam Backup Enterprise Manager installation. For more information, see Specify Service Ports.

Veeam Backup Enterprise Manager REST API client
and VMware vSphere Client
plug-in

Veeam Backup Enterprise Manager REST API

HTTP

9399

Default ports used to communicate with Veeam Backup Enterprise Manager REST API. Can be customized during Veeam Backup Enterprise Manager installation. For more information, see Specify Service Ports.

HTTPS

9398

Veeam ONE Server
(optional)

Veeam Backup Enterprise Manager server

TCP

Dynamically assigned ports

If you add the Veeam Backup Enterprise Manager server to the Veeam ONE monitoring scope, you must open ports required to gather data through WMI. For more information on enabling and disabling WMI traffic, see the Connecting to WMI Remotely with VBScript and Setting up a Remote WMI Connection articles of the Microsoft Windows Dev Center.

 

Note

Consider the following:

  • For communication between the Veeam Backup Enterprise Manager server and backup servers, Kerberos authentication is used by default.
  • During installation, Veeam Backup & Replication automatically creates firewall rules for default ports to allow communication for the application components.
  • For more information on Enterprise Manager network connectivity, refer to the Enterprise Manager article of the Veeam Backup and Replication Best Practices documentation.

 

Ports for Restore Operations

Guest OS File Restore (Windows)

From

To

Protocol

Port

Notes

Veeam Backup Enterprise Manager server

Mount server associated with backup repository

TCP

2500 to 6000

Ports used for file download.

Guest OS File Restore (non-Windows)

From

To

Protocol

Port

Notes

Veeam Backup Enterprise Manager server

Mount server (helper host or helper appliance)

TCP

2500 to 6000

Ports used for file download. For more information on the mount server, see Preparing for File Search and Restore (non-Windows machines).

 

Note

Consider the following:

  • For more information on the list of ports used by the mount server associated with the backup repository during file-level restore, see the Mount Server Connections section of the Veeam Backup & Replication User Guide.
  • For more information on the list of ports used by the components involved in 1-Click Restore to Original Location, see the Ports section of the Veeam Backup & Replication User Guide.

 

Microsoft SQL Server Database Restore

From

To

Protocol

Port

Notes

Machine running mount service1

Target machine with Microsoft SQL Server

TCP, UDP

135, 445

Ports used to deploy the runtime coordination process on the target machine.

TCP

49152 to 65535
(for Microsoft Windows Server 2008 or later)

Dynamic RPC range used by the runtime coordination process that is deployed on the target machine.

For more information, see this Microsoft article.

TCP

6160

Port used to communicate with Veeam Installer Service.

TCP

1433, 1434

Ports used to communicate with the Microsoft SQL Server installed on the target machine during application-item restore.

For more information, see this Microsoft article.

UDP

1434

Port used by the Microsoft SQL Server Browser service.

For more information, see this Microsoft article.

TCP

1025 to 1034

Default RPC range for the Veeam SQL Restore Service runtime component installed on a target or staging Microsoft SQL Server machine to support restore. Each runtime component uses the next available port in the range, and only during application item restore.

For more information on the Veeam SQL Restore Service runtime component, see the How Data Recovery Works section of the Veeam Explorers User Guide.

You must manually open this port range in Microsoft Windows Firewall.

Target machine with Microsoft SQL Server

Machine running mount service1

TCP

3260 to 3270

Port range opened by Veeam Backup & Replication to manage iSCSI traffic during restore to the target machine.

This port range is opened only during application item restore.

For more information, see the How Mounting Works section of the Veeam Explorers User Guide.

Backup repository

TCP

2500 to 3300

Port range used by the Veeam Agent persistent component deployed on the target or staging server.

This port range is only used during transaction log restore.

For more information on the components used during restore, see the How Data Recovery Works section of the Veeam Explorers User Guide.

1 Mount server associated with the repository (if restoring from backup), or a backup server (if restoring from replica).

Oracle Database Restore (1-Click)

From

To

Protocol

Port

Notes

Target machine with Oracle

Machine running mount service1

TCP

3260 to 3270

Ports used by Veeam Backup and Replication for iSCSI traffic. Ports are open only during the application item restore session.

1 Mount server associated with the repository (if restoring from backup), or a backup server (if restoring from replica).

 

Note

For more information on 1-Click Database Restore to the original Oracle server machine (remote machine), see 1-Click Restore to Original Location.

 

Oracle Database Restore (Custom Settings)

From

To

Protocol

Port

Notes

Machine running mount service1

Target Windows machine with Oracle

TCP

49152 to 65535

Recommended dynamic RPC port range for Microsoft Windows 2008 and later. For more information, see this Microsoft article.

TCP

1025 to 1034

Default range of ports for the runtime component installed on the target or staging Oracle server to support restore operations. Each runtime component uses the next available port in the range, and only during application item restore.

You must manually open this port range in Microsoft Windows Firewall.

TCP

6160, 11731

Ports used by the Veeam Installer Service for connections to the target Windows machine with Oracle.

Target Linux machine with Oracle

TCP

22

Default SSH port used as a control channel.

TCP

2500 to 5000

Default port range for data transmission.

1 Mount server associated with the repository (if restoring from backup), or a backup server (if restoring from replica).

Note

For more information on the process of database restore with custom settings, see Restore with Custom Settings.

 

View all results across Veeam
Back to document search