Skip to main content
Solved

windows Firewall configuration


Forum|alt.badge.img

hi veeam community

I want to turn on the firewall of the backup server and configure the firewallI have veeam backup and enterprise manager on my serverThe servers that are backed up are mostly on hyper-v cluster.There are several physical servers, including SQL Server, which is also a cluster.My question is how can I do this very accurately and professionallyIs there a tool for this?How can I test whether I have considered all the desired ports or not?Thank you for sharing all your experiences with me

 

Best answer by coolsport00

Hi @miriam1989 -

Here is a script I found to display Windows Firewall ports:
Get-NetFirewallRule | Format-Table -Property Name, DisplayName,  @{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}}, @{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}}, @{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}}, @{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}}, Enabled, Profile, Direction, Action

It displays a pretty nice table:

 

Hope this helps.

View original
Did this topic help you find an answer to your question?

13 comments

MarkBoothman
Forum|alt.badge.img+7
  • Veeam Legend
  • 197 comments
  • February 19, 2024

Hi @miriam1989 the ports required are listed in the Help Center guides.

https://helpcenter.veeam.com/docs/backup/hyperv/used_ports.html?ver=120

 


Forum|alt.badge.img
  • Author
  • Comes here often
  • 23 comments
  • February 19, 2024

Is there a tool that does this automatically or does it have to be done manually?


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 4109 comments
  • February 19, 2024

Hi @miriam1989 ...any firewall configurations, whether in the Windows OS or on your network f/w need to be set manually.

Let us know if you have any other questions. 

Thank you. 


Forum|alt.badge.img
  • Author
  • Comes here often
  • 23 comments
  • February 19, 2024
coolsport00 wrote:

Hi @miriam1989 ...any firewall configurations, whether in the Windows OS or on your network f/w need to be set manually.

Let us know if you have any other questions. 

Thank you. 

 

For example, PowerShell that checks Veeam and automatically adds the required ports to the firewall


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 4109 comments
  • February 19, 2024

Sorry...there is no script or any tool I'm aware of here in the Community Hub created to do what you're wanting. 


Chris.Childerhose
Forum|alt.badge.img+21
  • Veeam Legend, Veeam Vanguard
  • 8401 comments
  • February 19, 2024

If you really want to have it done automatically then you would need to uninstall and reinstall Veeam. During the installation the firewall rules are updated by the installer.  You could do this and point to the database already in place.


Forum|alt.badge.img
  • Author
  • Comes here often
  • 23 comments
  • February 20, 2024
Is it possible  to turn on the firewall and see what ports need to be opened with a command?
Because there are many ports that need to be opened, but I want only the required ports to be open?

 

 


Forum|alt.badge.img
  • Author
  • Comes here often
  • 23 comments
  • February 20, 2024
miriam1989 wrote:
Is it possible  to turn on the firewall and see what ports need to be opened with a command?
Because there are many ports that need to be opened, but I want only the required ports to be open?

 

 

Or to run PowerShell or a script and monitor for a day and list all the ports that are opened

 


MarkBoothman
Forum|alt.badge.img+7
  • Veeam Legend
  • 197 comments
  • February 20, 2024

You would need to setup the firewall on one machine and then you could export the firewall rules and import them.

Although I suspect this wouldn't work for every workload you have theoretically it is possible to do the import via Powershell.

 


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 4109 comments
  • Answer
  • February 20, 2024

Hi @miriam1989 -

Here is a script I found to display Windows Firewall ports:
Get-NetFirewallRule | Format-Table -Property Name, DisplayName,  @{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}}, @{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}}, @{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}}, @{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}}, Enabled, Profile, Direction, Action

It displays a pretty nice table:

 

Hope this helps.


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 4109 comments
  • February 20, 2024

To run some kind of script to do specifically what you’re wanting, you would really need to play with some of the tools online, like netsh advfirewall firewall tool, with a little bit of a “how-to” page from Microsoft here; or, use Powershell, using MS “how-to” page here and here.

Hope this helps.


Forum|alt.badge.img
  • Author
  • Comes here often
  • 23 comments
  • February 20, 2024

for info:

Through this tool, you can also identify the required ports, but apparently it is not updated

https://app.veeambp.com/veeamports

 


coolsport00
Forum|alt.badge.img+20
  • Veeam Legend
  • 4109 comments
  • February 20, 2024

Thanks for the share!

I believe everything in the Veeam BP Guide is “community-driven” ...and by Veeam SEs. So, it may take time to get certain parts of it updated. Hopefully this part will be updated soon.


Comment