• EN
Solved

windows Firewall configuration

M
Userlevel 5
Badge

hi veeam community

I want to turn on the firewall of the backup server and configure the firewallI have veeam backup and enterprise manager on my serverThe servers that are backed up are mostly on hyper-v cluster.There are several physical servers, including SQL Server, which is also a cluster.My question is how can I do this very accurately and professionallyIs there a tool for this?How can I test whether I have considered all the desired ports or not?Thank you for sharing all your experiences with me

 

icon

Best answer by coolsport00 20 February 2024, 13:55

View original

13 comments

MarkBoothman
Userlevel 7
Badge +6

Hi @miriam1989 the ports required are listed in the Help Center guides.

https://helpcenter.veeam.com/docs/backup/hyperv/used_ports.html?ver=120

 

VMCA2022 | VMCE2021 | Veeam Legend | Twitter: @Boothy71
M
Userlevel 5
Badge

Is there a tool that does this automatically or does it have to be done manually?

coolsport00
Userlevel 7
Badge +17

Hi @miriam1989 ...any firewall configurations, whether in the Windows OS or on your network f/w need to be set manually.

Let us know if you have any other questions. 

Thank you. 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
M
Userlevel 5
Badge

Hi @miriam1989 ...any firewall configurations, whether in the Windows OS or on your network f/w need to be set manually.

Let us know if you have any other questions. 

Thank you. 

 

For example, PowerShell that checks Veeam and automatically adds the required ports to the firewall

coolsport00
Userlevel 7
Badge +17

Sorry...there is no script or any tool I'm aware of here in the Community Hub created to do what you're wanting. 

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Chris.Childerhose
Userlevel 7
Badge +20

If you really want to have it done automatically then you would need to uninstall and reinstall Veeam. During the installation the firewall rules are updated by the installer.  You could do this and point to the database already in place.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
M
Userlevel 5
Badge 
Is it possible  to turn on the firewall and see what ports need to be opened with a command?
Because there are many ports that need to be opened, but I want only the required ports to be open?

 

 

M
Userlevel 5
Badge 
Is it possible  to turn on the firewall and see what ports need to be opened with a command?
Because there are many ports that need to be opened, but I want only the required ports to be open?

 

 

Or to run PowerShell or a script and monitor for a day and list all the ports that are opened

 

MarkBoothman
Userlevel 7
Badge +6

You would need to setup the firewall on one machine and then you could export the firewall rules and import them.

Although I suspect this wouldn't work for every workload you have theoretically it is possible to do the import via Powershell.

 

VMCA2022 | VMCE2021 | Veeam Legend | Twitter: @Boothy71
coolsport00
Userlevel 7
Badge +17

Hi @miriam1989 -

Here is a script I found to display Windows Firewall ports:
Get-NetFirewallRule | Format-Table -Property Name, DisplayName,  @{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}}, @{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}}, @{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}}, @{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}}, Enabled, Profile, Direction, Action

It displays a pretty nice table:

 

Hope this helps.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
coolsport00
Userlevel 7
Badge +17

To run some kind of script to do specifically what you’re wanting, you would really need to play with some of the tools online, like netsh advfirewall firewall tool, with a little bit of a “how-to” page from Microsoft here; or, use Powershell, using MS “how-to” page here and here.

Hope this helps.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
M
Userlevel 5
Badge

for info:

Through this tool, you can also identify the required ports, but apparently it is not updated

https://app.veeambp.com/veeamports

 

coolsport00
Userlevel 7
Badge +17

Thanks for the share!

I believe everything in the Veeam BP Guide is “community-driven” ...and by Veeam SEs. So, it may take time to get certain parts of it updated. Hopefully this part will be updated soon.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00

Comment


Terms & Conditions