Saturday, November 12, 2016

Firewall Ports When Restoring a SQL Database Using Veeam Explorer

I have been playing around with firewall policy in my lab environment for the past week. Documented here in case anyone needs assistance or is facing a similar situation.

The scenario was:

  • A firewall sits between the different subnets/VLANs
  • The application (SQL Server) is located in 10.0.0.0/24
  • The Veeam Backup Server (VBR + proxy + repository) is located in 192.168.0.0/24
  • The ESX host is located in 192.168.0.0/24

The customer was having a problem using Veeam Explorer to recover a database back to the SQL Server located in 10.0.0.0/24.

Found that the firewall was blocking traffic between 192.168.0.0/24 and 10.0.0.0/24.

Here are the findings on the firewall ports that need to be open when:

a) Using Veeam Explorer on Veeam Backup Server

VBR -> SQL
TCP 1433
TCP/UDP 135
TCP/UDP 445
TCP 1025
TCP 137-139
TCP 49191
TCP 6160-6170
UDP 137-138

SQL -> VBR
TCP 3260-3270
TCP 49191


b) Using Veeam Explorer on the same subnet as the SQL Server (10.0.0.0/24), with the staging server pointing to the SQL VM

Remote Veeam Explorer -> VBR
TCP 9392
TCP 9401

VBR -> SQL
TCP 6160-6170

SQL -> VBR
TCP 3260-3262


Note:
During the SQL database restore, we noticed traffic from SQL -> AD (dynamic ports).

Do take note that the above firewall policy is based on testing in my lab environment. Do test in your own environment and review the firewall log to get accurate results.
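
One way to do that firewall log review for scenario (a), as an added example that is not part of the original lab notes: it sorts denied flows between the two subnets into those already in the port list above and those that are not. The log line format, the host addresses and the names `review_denies` and `direction` are assumptions made for the example.

```python
import ipaddress
import re

# Scenario (a) ports as listed in the post: direction -> protocol -> port ranges
DOCUMENTED = {
    "VBR->SQL": {
        "TCP": [(135, 135), (137, 139), (445, 445), (1025, 1025), (1433, 1433),
                (6160, 6170), (49191, 49191)],
        "UDP": [(135, 135), (137, 138), (445, 445)],
    },
    "SQL->VBR": {"TCP": [(3260, 3270), (49191, 49191)], "UDP": []},
}
VBR_NET = ipaddress.ip_network("192.168.0.0/24")
SQL_NET = ipaddress.ip_network("10.0.0.0/24")

# Log format and sample lines are constructed: ACTION PROTO SRC:SPORT -> DST:DPORT
LINE_RE = re.compile(r"^(ALLOW|DENY) (TCP|UDP) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
SAMPLE_LOG = """\
DENY TCP 192.168.0.10:51022 -> 10.0.0.20:1433
DENY TCP 192.168.0.10:51023 -> 10.0.0.20:6162
ALLOW TCP 192.168.0.10:51024 -> 10.0.0.20:445
DENY TCP 10.0.0.20:49800 -> 192.168.0.10:3260
DENY TCP 10.0.0.20:49801 -> 192.168.0.10:8080
DENY UDP 192.168.0.10:137 -> 10.0.0.20:137
DENY TCP 172.16.0.5:40000 -> 10.0.0.20:1433
"""

def direction(src, dst):
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src in VBR_NET and dst in SQL_NET:
        return "VBR->SQL"
    return "SQL->VBR" if src in SQL_NET and dst in VBR_NET else None

def review_denies(log_text):
    """Return (documented, undocumented) sets of denied (direction, proto, dport)."""
    documented, undocumented = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) != "DENY":
            continue
        _, proto, src, dst, dport = m.groups()
        d = direction(src, dst)
        if d:  # ignore traffic that is not between the two lab subnets
            hit = any(lo <= int(dport) <= hi for lo, hi in DOCUMENTED[d][proto])
            (documented if hit else undocumented).add((d, proto, int(dport)))
    return documented, undocumented

if __name__ == "__main__":
    print(review_denies(SAMPLE_LOG))
```

Denies in the first set are ports from the list that the firewall is still blocking; denies in the second set are candidates to investigate before adding any rule.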