Remove Port 443 Hardecoded Requirement in VBR13

Hi and welcome to the community!

I recommend posting this into our R&D forums as well, that’s where our product management is involved:

https://forums.veeam.com/

Best

Lukas

There is no way to change this currently.  The best suggestion would be to post on the forums as a suggestion or search there for other posts about this as I am sure there are some.

https://forums.veeam.com 

I love how these are the forums that the support rep linked me to, and it was the wrong place to post. 

Can someone why I have to deal with community support as a paying customer, instead of there just being a valid path from support to product designers? (And why there are two disparate community support forums?)  Seems like this system is engineered to ignore feature requests (or in my case, lamenting products being unnecessarily crippled). 

Hi,

I must ask, why are you exposing access to your VBR servers to the internet. You shouldn’t be doing this, it’s not a smart security decision. If you have a site to site VPN you should be using this and if not, this would make much more sense. Or an agent you can securely connect to over the internet for remote access (you mentioned Client VPN here already which would achieve this) makes much more sense.

Also, you don’t need an additional IP you could do NAT translation to manipulate any port to any other on your WAN to LAN journey, though security through obscurity isn’t security.

Community.veeam.com is focused on customer to customer conversations, knowledge sharing as a community etc. forums.veeam.com is our R&D forums so the right place to have customer to Veeam conversations around feature requests etc.

We basically have two forums:

This open community hub and the internal Veeam R&D forums that Chris and I shared above. I’d always post those in both forums for visibility. 😊

I’m exposing it because there’s no practical other way to get BEM to collect data from VBR servers that I know of. There’s no reason to have site-to-site VPN between different companies that we support, and it’s not practical to implement one for several reasons (regulatory constraints and IP overlap for example). 

This isn’t for remote access to Veeam’s console. I just remote control the VBR server usig our RMM tool to do that. This is for Backup Enterprise Manager to collect data. 

As it happens, I agree, since BEM is the “service provider” side, I would have expected to need to configure the B&R servers to phone home to the BEM, which could be in our main datacenter, with only the one necessary port forwarded, instead of having EVERY B&R server at EVERY site with exposed ports. But nope! The port guidance for BEM here has a great big list of ports I need to make available for it to collect data: https://helpcenter.veeam.com/docs/vbr/em/used_ports.html?ver=13

Regarding changing the port with NAT: Please tell me how to tell BEM to use something other than port 443 to collect data, and I will happily do so. I’ve tried, and had a previous support case about this. Support told me to post here, so I guess they want you to support me instead of them. 

Hi, IMO you’re using the wrong tool here, you want the Veeam Service Provider Console, and each Veeam server can have an agent calling home. BEM expects to be used in an internal network

And let me guess, that’s a licensing up-sell, isn’t it. Buy another thing to make up for the product that was working before that we broke! 

It’s not an upsell at all, it’s free. Might I suggest speaking to your Veeam account rep on the options available for you as a service provider.

There are designs and decisions made around each product and each tool. It’s not a supported design to have VBR and VBEM talking over the internet directly as the tools don’t expect NAT for starters. This is why Veeam has capabilities like Cloud Connect and the Veeam Service Provider Console to deliver purpose built tools for our partners that are delivering services to customers.

Have a read of the tool on the helpcenter documentation and maybe the odd YouTube video or blog post and see if you agree, but I believe this would be a good step forward for you. I am trying to help you here, not upsell you.