Ports requirement for System Recovery, Console, Manager, NAS, FTP Servers, Cloud services, and Veritas Update
Description
This document provides details of the port configuration for the Veritas System Recovery (VSR), VSR Console, VSR Manager, NAS, FTP servers, Cloud services, and Veritas Update in a firewall environment. The following are the port configuration details for each role:
When VSR computers are managed by VSR Manager:
Firewall settings on VSR computers
Ports or program | Inbound/Outbound | Description
Local port number: TCP 135; Remote port number: Dynamic TCP port range | Inbound | First, VSR Manager accesses Remote Procedure Call (TCP 135) on VSR computers from a dynamic port range.
Local port number: TCP 4443 (see Note 1); Remote port number: Dynamic TCP port range | Inbound | When VSR Manager deploys backup policies to VSR computers, the Manager accesses TCP 4443 on VSR computers from a dynamic port range.
Program: C:\Program Files\Veritas\Veritas System Recovery\Agent\VproSvc.exe; Remote port number: Dynamic TCP port range | Inbound | When VSR Manager checks the status of VSR computers, the Manager accesses DCOM port range (see Note 2) on VSR computers from a dynamic port range.
Firewall settings on VSR Manager computer
Ports | Inbound/Outbound | Description
Local port number: Dynamic TCP port range (see Note 3); Remote port number: TCP 135, 4443, DCOM port range | Outbound | VSR Manager accesses TCP 135, 4443, or DCOM port range on VSR computers from a dynamic TCP port range.
When VSR computers are managed by VSR Console:
Firewall settings on VSR computers
Ports or program | Inbound/Outbound | Description
Local port number: TCP 135; Remote port number: Dynamic TCP port range | Inbound | First, VSR Console accesses Remote Procedure Call (TCP 135) on VSR computers from a dynamic port range.
Program: C:\Program Files\Veritas\Veritas System Recovery\Agent\VproSvc.exe; Remote port number: Dynamic TCP port range | Inbound | When VSR Console checks the status of VSR computers, the Manager accesses DCOM port range (see Note 2) on VSR computers from a dynamic port range.
Firewall settings on VSR Console computer
Ports | Inbound/Outbound | Description
Local port number: Dynamic TCP port range (see Note 3); Remote port number: TCP 135, DCOM port range | Outbound | VSR Console accesses TCP 135 or DCOM port range on VSR computers from a dynamic TCP port range.
When VSR computers access shared folders on NAS:
Firewall settings on VSR computers
Ports | Inbound/Outbound | Description
Local port number: Dynamic TCP port range (see Note 3); Remote port number: TCP 445 | Outbound | When Veritas System Recovery reads or writes recovery point files on the NAS, Veritas System Recovery accesses TCP 445 on the NAS from a dynamic TCP port range.
When VSR computers access shared folders on FTP servers (Passive mode):
Firewall settings on VSR computers
Ports | Inbound/Outbound | Description
Local port number: Dynamic TCP port range (see Note 3); Remote port number: TCP 21 | Outbound | VSR accesses TCP 21 on the FTP servers (passive mode) from a dynamic port range.
Local port number: Dynamic TCP port range (see Note 3); Remote port number: Dynamic TCP port range | Outbound | VSR accesses a dynamic port on the FTP servers (passive mode) from a dynamic port range.
When VSR computers access shared folders on FTP servers (Active mode):
Firewall settings on VSR computers
Ports | Inbound/Outbound | Description
Local port number: Dynamic TCP port range (see Note 3); Remote port number: TCP 21 | Outbound | VSR accesses TCP 21 on the FTP servers (active mode) from a dynamic port range.
Local port number: Dynamic TCP port range (see Note 3); Remote port number: TCP 20 | Inbound | VSR accesses TCP 20 on the FTP servers (active mode) from a dynamic port range.
When VSR computers access storage on Cloud services:
Firewall settings on VSR computers
Ports | Inbound/Outbound | Description
Local port number: Dynamic TCP port range (see Note 3); Remote port number: TCP 80, 443 | Outbound | VSR accesses http (TCP 80) or https (TCP 443) ports on Cloud storage from a dynamic port range.
When VSR computers access Veritas Update:
Firewall settings on VSR computers
Ports | Inbound/Outbound | Description
Local port number: Dynamic TCP port range (see Note 3); Remote port number: TCP 443 | Outbound | VSR accesses https://update.veritas.com from a dynamic port range.
Note 1:
The port number is defined in C:\ProgramData\Veritas\VERITAS SYSTEM RECOVERY\port.txt. Users can change it from 4443 to any port number by editing port.txt. To change TCP 4443 to another port, follow the steps below.
1. Stop the Veritas WebAPI Services service on VSR computers.
2. Launch File Explorer.
3. Open C:\ProgramData\Veritas\VERITAS SYSTEM RECOVERY\port.txt using Notepad.
4. Change 4443 to the new port number and save port.txt.
5. Start the Veritas WebAPI Services service.
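The inbound rules from the "managed by VSR Manager" table can be created on a VSR computer with Windows Firewall cmdlets, reading the WebAPI port from port.txt as described in Note 1. This is an added example, not Veritas code; the Manager address 192.0.2.10, the rule names, and the assumption that port.txt contains only the port number are placeholders to adjust.

```powershell
#Requires -RunAsAdministrator
# Added example: inbound Windows Firewall rules on a managed VSR computer.
param(
    # Placeholder (documentation address range): set to the VSR Manager host.
    [string]$ManagerAddress = '192.0.2.10',
    [string]$PortFile  = 'C:\ProgramData\Veritas\VERITAS SYSTEM RECOVERY\port.txt',
    [string]$AgentPath = 'C:\Program Files\Veritas\Veritas System Recovery\Agent\VproSvc.exe'
)

# Assumption: port.txt holds only the port number (Note 1). Default is 4443.
$webApiPort = 4443
if (Test-Path -LiteralPath $PortFile) {
    $text = ([string](Get-Content -LiteralPath $PortFile -Raw)).Trim()
    $parsed = 0
    if ([int]::TryParse($text, [ref]$parsed) -and $parsed -ge 1 -and $parsed -le 65535) {
        $webApiPort = $parsed
    } else {
        throw "Unexpected content in ${PortFile}: '$text'"
    }
}

# One rule per table row. The DCOM row is a program rule, as in the table,
# so it follows whatever DCOM port range is configured (Note 2).
$rules = @(
    @{ DisplayName = 'VSR - RPC (TCP 135) from Manager'; Protocol = 'TCP'; LocalPort = 135 },
    @{ DisplayName = 'VSR - WebAPI from Manager';        Protocol = 'TCP'; LocalPort = $webApiPort },
    @{ DisplayName = 'VSR - VproSvc DCOM from Manager';  Protocol = 'TCP'; Program   = $AgentPath }
)

foreach ($r in $rules) {
    # Remove an earlier copy so the script can be re-run after port.txt changes.
    Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    # Scope each rule to the Manager host instead of allowing any remote address.
    New-NetFirewallRule @r -Direction Inbound -Action Allow `
        -RemoteAddress $ManagerAddress | Out-Null
}

Get-NetFirewallRule -DisplayName 'VSR - *' |
    Format-Table DisplayName, Enabled, Direction, Action -AutoSize
```

For computers managed only by VSR Console, the TCP 4443 rule is not in the table and can be dropped from `$rules`.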
Note 2:
Users can manually set the DCOM port range. To set the DCOM port range, follow the steps below.
1. Run DCOMCNFG.exe.
2. Right-click My Computer in Component Services -> My Computer and select Properties.
3. Click Default Protocols, select Connection-oriented TCP/IP, then click Properties.
4. Click Add and enter a range of at least 2000 ports in the Port range field.
For example: Port range: 30000-32000
5. Reboot.
Note 3:
Users can manually set the dynamic port range. To configure the port range, follow the steps below.
1. Launch Command Prompt.
2. Run the following command on one line to change the range; it should contain at least 2000 ports.
netsh int ipv4 set dynamicport tcp start=N num=2000
where N is the starting port number.
3. To check the changed port range, run the following command.
netsh int ipv4 show dynamicport tcp
4. Reboot.
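After the reboot, the ranges set in Note 2 and Note 3 can be read back and checked against the 2000-port minimum. This is an added example, not Veritas code; it assumes the DCOM range set through DCOMCNFG is stored in the Ports value under HKLM:\SOFTWARE\Microsoft\Rpc\Internet, and the function name is hypothetical.

```powershell
# Added example: verify the DCOM port range (Note 2) and dynamic TCP port range (Note 3).
$minPorts = 2000   # minimum size both notes call for

function Get-PortRangeSize([string[]]$Ranges) {
    # Sum entries such as "30000-32000" (2001 ports) or a single port "30000".
    $total = 0
    foreach ($entry in $Ranges) {
        if ($entry -match '^\s*(\d+)\s*-\s*(\d+)\s*$') {
            $total += [int]$Matches[2] - [int]$Matches[1] + 1
        } elseif ($entry -match '^\s*\d+\s*$') {
            $total += 1
        }
    }
    return $total
}

# Note 2: range entered in DCOMCNFG (Ports is a multi-string value).
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$dcom = Get-ItemProperty -Path $rpcKey -ErrorAction SilentlyContinue
if ($null -eq $dcom -or -not $dcom.Ports) {
    Write-Warning "No DCOM port range is configured under $rpcKey."
} else {
    $size = Get-PortRangeSize $dcom.Ports
    $state = if ($size -ge $minPorts) { 'OK' } else { 'TOO SMALL' }
    Write-Output ("DCOM range {0}: {1} ports [{2}]" -f ($dcom.Ports -join ','), $size, $state)
}

# Note 3: output labels of netsh are localized, so take the two numbers
# (start port, number of ports) in the order netsh prints them.
$out  = (netsh int ipv4 show dynamicport tcp) -join "`n"
$nums = @([regex]::Matches($out, ':\s*(\d+)') | ForEach-Object { [int]$_.Groups[1].Value })
if ($nums.Count -ge 2) {
    $start, $count = $nums[0], $nums[1]
    $state = if ($count -ge $minPorts) { 'OK' } else { 'TOO SMALL' }
    Write-Output ("Dynamic TCP range {0}-{1}: {2} ports [{3}]" -f `
        $start, ($start + $count - 1), $count, $state)
} else {
    Write-Warning 'Could not parse the netsh dynamicport output.'
}
```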