Firewall Requirements for Standard Operation

In order for the Virtual Appliance to function correctly, certain ports must be open between the VA and systems it needs to interact with. The ports required are as follows:

Web browser → Virtual Appliance
Details: Allows access to the GUI used to manage the Virtual Appliance
Port: TCP 443

Virtual Appliance → Deploying Software (Windows)
Details: Software deployment requires WinRM to install software on a target machine.
Ports: TCP 5985, TCP 5986

Virtual Appliance → Deploying Software (Linux, AIX and Solaris)
Details: Software deployment requires SSH to install software on a target machine.
Ports: TCP 22

Virtual Appliance → VMware vCenter
Details: Allows the Virtual Appliance to discover the vSphere environment
Port: TCP 443

Virtual Appliance ← VMware ESXi Server
Details: Allows the vSphere environment to automatically mount the NFS shares exposed via the Virtual Appliance, required for Simulation, Recover and Replicate functionality
Ports: TCP 111, TCP 662, TCP 875, TCP 892, TCP 2049, TCP 32803
Versions Prior to 4.1 also require: UDP 111, UDP 2049, UDP 32769

Virtual Appliance ← CloneManager Source Environments
Details: Allows the CloneManager source environments to access centralised VA licensing
Ports: TCP 80

Virtual Appliance → Source Environments/Target Environments
Details: Allows the Virtual Appliance to control the BMR recovery and Replication processes
Ports: TCP 8080, TCP 4000, TCP 4001
Version 2.3 to 2.6 also requires: TCP 4002, TCP 4003, UDP 4002, UDP 4003
Versions Prior to 4.1 also require: UDP 4000, UDP 4001

Virtual Appliance → ET Environment
Details: Allows the Virtual Environment to talk to the Enhanced Testing Environment to manage replications
Port: TCP 80

Virtual Appliance → BMR Proxy
Details: Allows the Virtual Appliance to interact with 3rd party backup servers
Ports: TCP 8080, TCP 4000, TCP 4001
Version 2.3 to 2.6 also requires: TCP 4002, TCP 4003, UDP 4002, UDP 4003
Versions Prior to 4.1 also require: UDP 4000, UDP 4001

Virtual Appliance → Virtual Appliance (P4VM) Proxy
Details: Allows the Virtual Appliance access to the Proxy VM(s) to orchestrate VM backups and restores
Port: TCP 80

Virtual Appliance (P4VM) Proxy → VMware ESXi Server
Details: Allows the Virtual Appliance proxy to access VMDKs to provide VM backup/restore capabilities
Ports: TCP 443, TCP 902

Virtual Appliance (P4VM) Proxy → SMB Backup Storage
Details: Allows the proxy VM access to CIFS based storage as a location to store the VM backups taken when using Protect for VMs
Ports: TCP 139, TCP 145
Versions Prior to 4.1 also require: UDP 137, UDP 138

Virtual Appliance (P4VM) Proxy → NFS Backup Storage
Details: Allows the proxy VM access to NFS based storage as a location to store the VM backups taken when using Protect for VMs
Ports: TCP 111, TCP 2049
Versions Prior to 4.1 also require: UDP 111, UDP 2049

Replication Source <-> Target Environments
Details: Allows the transfer of data between source system and target system for replications
Ports: TCP 4000, TCP 4001, TCP 445
Versions Prior to 4.1 also require: UDP 4000, UDP 4001, UDP 500

Linux Replication Target → Source Environments
Details: Allows the transfer of data from source system to target system for replications
Port: TCP 22

TBMR Recovery Environment → IBM TSM (Spectrum Protect) Server
Details: Allows the transfer of backup data from the TSM (Spectrum Protect) server back to the Recovery Environment for DR purposes
Port: TCP 1500 (configurable in backup server discovery)

NBMR Recovery Environment → EMC Networker Server
Details: Allows the transfer of backup data from the Networker server back to the Recovery Environment for DR purposes
Port: TCP 7938

ABMR Recovery Environment → EMC Avamar Server
Details: Allows the Avamar client to communicate with the Avamar server to start disaster recovery
Ports: TCP 53 (DNS), TCP 443 (HTTPS), TCP 27000, TCP 28001, TCP 29000, TCP 30001, TCP 30003

ABMR Recovery Environment ← EMC Avamar Server
Details: Allows the transfer of backup data from the Avamar server back to the Recovery Environment for DR purposes
Ports: TCP 28002, TCP 30001

CoBMR Recovery Environment → Cohesity Server
Details: Allows the DR environment to communicate with the Cohesity server to start disaster recovery
Port: TCP 443 (HTTPS)

CoBMR Recovery Environment ← Cohesity Server
Details: Allows the transfer of backup data from the Cohesity server back to the Recovery Environment for DR purposes
Ports: TCP 50051, TCP 59999
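
As an added example (not part of the original article or any vendor tooling), the Python below parses entries in the layout used above and returns directional allow rules for a given appliance version, so the legacy ports are only opened where the version calls for them. The sample text is abridged from entries on this page; the function names and the major.minor version comparison are assumptions.

```python
import re

# Constructed sample, abridged from entries on this page (same layout).
SAMPLE = """\
Virtual Appliance ← VMware ESXi Server
Ports: TCP 111, TCP 2049
Versions Prior to 4.1 also require: UDP 111, UDP 2049

Virtual Appliance → BMR Proxy
Ports: TCP 8080, TCP 4000, TCP 4001
Version 2.3 to 2.6 also requires: TCP 4002, UDP 4002
Versions Prior to 4.1 also require: UDP 4000

Replication Source <-> Target Environments
Ports: TCP 4000
"""

HEAD = re.compile(r"^(.+?)\s*(→|←|<->|↔)\s*(.+)$")
PORT = re.compile(r"\b(TCP|UDP)\s+(\d+)")

def ver(s):
    # Assumption: versions are compared on major.minor only.
    return tuple(int(x) for x in s.split(".")[:2])

def applies(label, version):
    """Decide whether a port line applies to the given appliance version."""
    m = re.match(r"Versions? Prior to ([\d.]+)", label, re.I)
    if m:
        return ver(version) < ver(m.group(1))
    m = re.match(r"Versions? ([\d.]+) to ([\d.]+)", label, re.I)
    if m:
        return ver(m.group(1)) <= ver(version) <= ver(m.group(2))
    return label.lower().startswith("port")  # unconditional "Port(s):" line

def rules(text, version):
    """Return sorted (source, destination, proto, port) allow rules."""
    out, pair = set(), None
    for line in text.splitlines():
        h = HEAD.match(line)
        if h:
            a, arrow, b = h.group(1).strip(), h.group(2), h.group(3).strip()
            # "←" means the right-hand system initiates the connection.
            pair = {"→": [(a, b)], "←": [(b, a)]}.get(arrow, [(a, b), (b, a)])
        elif pair and ":" in line:
            label, _, body = line.partition(":")
            if applies(label, version):
                for proto, port in PORT.findall(body):
                    out.update((s, d, proto, int(port)) for s, d in pair)
    return sorted(out)
```

Comparing `rules(SAMPLE, "4.1")` with `rules(SAMPLE, "4.0")` shows exactly which UDP rules can be dropped after an upgrade.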
