Skip to main content
Solved

windows Firewall configuration

M
Forum|alt.badge.img

hi veeam community

I want to turn on the firewall of the backup server and configure the firewallI have veeam backup and enterprise manager on my serverThe servers that are backed up are mostly on hyper-v cluster.There are several physical servers, including SQL Server, which is also a cluster.My question is how can I do this very accurately and professionallyIs there a tool for this?How can I test whether I have considered all the desired ports or not?Thank you for sharing all your experiences with me

 

Best answer by coolsport00

Hi @miriam1989 -

Here is a script I found to display Windows Firewall ports:
Get-NetFirewallRule | Format-Table -Property Name, DisplayName,  @{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}}, @{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}}, @{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}}, @{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}}, Enabled, Profile, Direction, Action

It displays a pretty nice table:

 

Hope this helps.

View original
Chris.Childerhose
BertrandFR
Link State
12 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • BertrandFR
    BertrandFR
  • Link State
    Link State
  • vAdmin
    vAdmin
  • jos.maliepaard
    jos.maliepaard
  • Vladan
    Vladan
  • wolff.mateus
    wolff.mateus
  • Jean.peres.bkp
    Jean.peres.bkp
  • April M
    April M
  • NZ_BenThomas
    NZ_BenThomas
  • Dynamic
    Dynamic
  • leduardoserrano
    leduardoserrano
Did this topic help you find an answer to your question?

13 comments

MarkBoothman
Forum|alt.badge.img+7
  • MarkBoothman
  • Veeam Legend
  • 197 comments
  • February 19, 2024

Hi @miriam1989 the ports required are listed in the Help Center guides.

https://helpcenter.veeam.com/docs/backup/hyperv/used_ports.html?ver=120

 

VMCA2022 | VMCE2021 | Veeam Legend | VUG UK Leader
Chris.Childerhose
wesmrt
Iams3le
6 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • wesmrt
    wesmrt
  • Iams3le
    Iams3le
  • dloseke
    dloseke
  • leduardoserrano
    leduardoserrano
  • M
    miriam1989
M
Forum|alt.badge.img
  • miriam1989
  • Author
  • Comes here often
  • 23 comments
  • February 19, 2024

Is there a tool that does this automatically or does it have to be done manually?

Chris.Childerhose
dloseke
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • dloseke
    dloseke
coolsport00
Forum|alt.badge.img+20
  • coolsport00
  • Veeam Legend
  • 4109 comments
  • February 19, 2024

Hi @miriam1989 ...any firewall configurations, whether in the Windows OS or on your network f/w need to be set manually.

Let us know if you have any other questions. 

Thank you. 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
wesmrt
dloseke
leduardoserrano
4 people like this
  • wesmrt
    wesmrt
  • dloseke
    dloseke
  • leduardoserrano
    leduardoserrano
  • M
    miriam1989
M
Forum|alt.badge.img
  • miriam1989
  • Author
  • Comes here often
  • 23 comments
  • February 19, 2024
coolsport00 wrote:

Hi @miriam1989 ...any firewall configurations, whether in the Windows OS or on your network f/w need to be set manually.

Let us know if you have any other questions. 

Thank you. 

 

For example, PowerShell that checks Veeam and automatically adds the required ports to the firewall

Chris.Childerhose
dloseke
leduardoserrano
3 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • dloseke
    dloseke
  • leduardoserrano
    leduardoserrano
coolsport00
Forum|alt.badge.img+20
  • coolsport00
  • Veeam Legend
  • 4109 comments
  • February 19, 2024

Sorry...there is no script or any tool I'm aware of here in the Community Hub created to do what you're wanting. 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
dloseke
leduardoserrano
M
3 people like this
  • dloseke
    dloseke
  • leduardoserrano
    leduardoserrano
  • M
    miriam1989
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8401 comments
  • February 19, 2024

If you really want to have it done automatically then you would need to uninstall and reinstall Veeam. During the installation the firewall rules are updated by the installer.  You could do this and point to the database already in place.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
coolsport00
dloseke
M
3 people like this
  • coolsport00
    coolsport00
  • dloseke
    dloseke
  • M
    miriam1989
M
Forum|alt.badge.img
  • miriam1989
  • Author
  • Comes here often
  • 23 comments
  • February 20, 2024
Is it possible  to turn on the firewall and see what ports need to be opened with a command?
Because there are many ports that need to be opened, but I want only the required ports to be open?

 

 

Chris.Childerhose
1 person likes this
  • Chris.Childerhose
    Chris.Childerhose
M
Forum|alt.badge.img
  • miriam1989
  • Author
  • Comes here often
  • 23 comments
  • February 20, 2024
miriam1989 wrote:
Is it possible  to turn on the firewall and see what ports need to be opened with a command?
Because there are many ports that need to be opened, but I want only the required ports to be open?

 

 

Or to run PowerShell or a script and monitor for a day and list all the ports that are opened

 

Chris.Childerhose
1 person likes this
  • Chris.Childerhose
    Chris.Childerhose
MarkBoothman
Forum|alt.badge.img+7
  • MarkBoothman
  • Veeam Legend
  • 197 comments
  • February 20, 2024

You would need to setup the firewall on one machine and then you could export the firewall rules and import them.

Although I suspect this wouldn't work for every workload you have theoretically it is possible to do the import via Powershell.

 

VMCA2022 | VMCE2021 | Veeam Legend | VUG UK Leader
Chris.Childerhose
M
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • M
    miriam1989
coolsport00
Forum|alt.badge.img+20
  • coolsport00
  • Veeam Legend
  • 4109 comments
  • Answer
  • February 20, 2024

Hi @miriam1989 -

Here is a script I found to display Windows Firewall ports:
Get-NetFirewallRule | Format-Table -Property Name, DisplayName,  @{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}}, @{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}}, @{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}}, @{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}}, Enabled, Profile, Direction, Action

It displays a pretty nice table:

 

Hope this helps.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
M
1 person likes this
  • M
    miriam1989
coolsport00
Forum|alt.badge.img+20
  • coolsport00
  • Veeam Legend
  • 4109 comments
  • February 20, 2024

To run some kind of script to do specifically what you’re wanting, you would really need to play with some of the tools online, like netsh advfirewall firewall tool, with a little bit of a “how-to” page from Microsoft here; or, use Powershell, using MS “how-to” page here and here.

Hope this helps.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
M
1 person likes this
  • M
    miriam1989
M
Forum|alt.badge.img
  • miriam1989
  • Author
  • Comes here often
  • 23 comments
  • February 20, 2024

for info:

Through this tool, you can also identify the required ports, but apparently it is not updated

https://app.veeambp.com/veeamports

 

Chris.Childerhose
coolsport00
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • coolsport00
    coolsport00
coolsport00
Forum|alt.badge.img+20
  • coolsport00
  • Veeam Legend
  • 4109 comments
  • February 20, 2024

Thanks for the share!

I believe everything in the Veeam BP Guide is “community-driven” ...and by Veeam SEs. So, it may take time to get certain parts of it updated. Hopefully this part will be updated soon.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
M
1 person likes this
  • M
    miriam1989

Comment


Terms & Conditions