Question

Reserve port ranges on Cloud Connect and VSPC server for communications

  • 22 February 2024

Userlevel 4

Hi Team,

The question is based on the article ‘Veeam Service Provider Console 8.0 Deployment Guide’ (https://helpcenter.veeam.com/docs/vac/deployment/ports.html?ver=80).

 

Communications from the Veeam Service Provider Console server to the Veeam Cloud Connect server use the TCP port range 49152 to 65535. A member of the Veeam support team mentioned that it is better to open around 50-100 ports to facilitate potential requests between the servers.

Just wondering about the best method to assign the ports through the firewall. I tried using ‘netstat -aon’ to identify any ports in the listening state. To facilitate the connection from the VSPC server to the VCC server, I can simply create an outbound rule on the VSPC server firewall for the specified port range (49152 - 65535) and an inbound firewall rule on the VCC server for the same port range.

However, I am not sure whether this is the best method to achieve the task in a production environment, since opening ports on a server unnecessarily could lead to potential attacks.

Appreciate your valuable feedback.

Kind regards,

Andrew


5 comments

Userlevel 7
Badge +20

It is probably easier to put the range into each firewall, as I have found that if you don't do the entire range, that is when something needs a port not included. 😜

Userlevel 4

Hi Chris,

Thanks for your reply.

Even after opening the range of ports (i.e., 49152-65535) on the firewall of the VCC and VSPC servers (allowing connection using inbound and outbound rules), I am still unable to create the connection.

Both servers are running on the same subnet mask and on the same ESXi host.

The VMs don’t have a virus guard installed either.

Just wondering what other potential areas I may need to look at to get the communications established, please?

Thank you.

Kind regards,

Andrew

Userlevel 7
Badge +20

Hi Andrew,

You also need port 9999 for the VSPC agent to talk to the VSPC server. Try opening that too.

Also here is a port list for VSPC - https://helpcenter.veeam.com/docs/vac/deployment/ports.html?ver=80

 

Userlevel 4

Hi Chris,

Thanks for your update. Sorry for the delay in replying.

Ports 135, 443, 9999 are communicating as intended. Unfortunately the port ranges 2500-5000 and 49152-65535 are giving potential issues. Thus, the Veeam support team has requested to open the said port ranges on the hardware firewall too, despite the two VMs sitting on the same ESXi host.

Thus, to open a port, I believe writing a firewall rule is sufficient? An inbound or outbound rule based on the direction of the traffic between servers.

Appreciate your feedback

kind regards,

Andrew

Userlevel 7
Badge +20

Yes, you can create an inbound/outbound rule set to allow the port ranges required as instructed by Support.
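
The inbound/outbound rules discussed in this thread, scoped to the peer server's address so the 49152-65535 range is not open to every host. This is an added example, not part of the original posts or Veeam's documentation; the IP addresses, rule names and function names are placeholders chosen for illustration.

```powershell
# Added example. Addresses are placeholders from the RFC 5737 documentation
# range, not values from the thread; replace them with the real server IPs.
$VspcIp = '192.0.2.10'   # assumed VSPC server address
$VccIp  = '192.0.2.20'   # assumed VCC server address
$Range  = '49152-65535'  # TCP range quoted in the thread

function Set-ScopedRule {
    param([string]$Name, [hashtable]$Rule)
    # Remove any earlier copy so re-running does not stack duplicate rules.
    Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $Name -Protocol TCP -Action Allow @Rule |
        Out-Null
}

# Run on the VCC server: accept the range only from the VSPC server.
function Add-VccInboundRule {
    Set-ScopedRule -Name 'VSPC to VCC dynamic range (in)' -Rule @{
        Direction = 'Inbound'; LocalPort = $Range; RemoteAddress = $VspcIp
    }
}

# Run on the VSPC server: allow the range outbound only towards the VCC server.
function Add-VspcOutboundRule {
    Set-ScopedRule -Name 'VSPC to VCC dynamic range (out)' -Rule @{
        Direction = 'Outbound'; RemotePort = $Range; RemoteAddress = $VccIp
    }
}

# Audit: enabled inbound allow rules that still accept traffic from any address.
function Get-UnscopedInboundRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' } |
        Select-Object DisplayName, Profile
}

# What is actually listening in the range (counterpart of 'netstat -aon').
function Get-RangeListener {
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.LocalPort -ge 49152 } |
        Select-Object LocalAddress, LocalPort, OwningProcess
}
```

A connection test against a port in the range only succeeds when a process is listening on it, so compare the output of `Get-RangeListener` on the VCC server with the port being tested before concluding that the firewall is blocking traffic.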
