====== Veeam Firewall Configuration for Hyper-V ======
To allow Veeam Backup & Replication to manage and back up a Hyper-V host, you must open specific ports on the target Hyper-V host.

===== 1. Required Ports for Veeam & Hyper-V =====

^ Port(s) ^ Protocol ^ Purpose ^
| 135, 445 | TCP | RPC Endpoint Mapper & SMB (Component deployment) |
| 137-139 | UDP/TCP | NetBIOS (Naming and discovery) |
| 6160 | TCP | Veeam Installer Service |
| 6162 | TCP | Veeam Transport Service |
| 6163 | TCP | Veeam Hyper-V Integration Service |
| 2500-3300 | TCP | Data transmission channels (VBR v10+) |
| 49152-65535 | TCP | Dynamic RPC ports for WMI management | 
For more details, see the official [[https://helpcenter.veeam.com/docs/vbr/userguide/used_ports.html|Veeam Used Ports Guide]].

===== 2. PowerShell Script to Open Ports =====

Run the following script as an Administrator on the Hyper-V host to automate the creation of these firewall rules:
Define port ranges and names 

<code powershell>
$VeeamPorts = @(
@{Name="Veeam RPC & SMB"; Port="135, 445"; Protocol="TCP"},
@{Name="Veeam NetBIOS"; Port="137-139"; Protocol="Any"},
@{Name="Veeam Services"; Port="6160, 6162, 6163"; Protocol="TCP"},
@{Name="Veeam Data Transfer"; Port="2500-3300"; Protocol="TCP"},
@{Name="Veeam Dynamic RPC"; Port="49152-65535"; Protocol="TCP"}
)

# Apply rules

foreach ($Rule in $VeeamPorts) {
New-NetFirewallRule -DisplayName $Rule.Name -Direction Inbound
-Action Allow -Protocol $Rule.Protocol
-LocalPort $Rule.Port -Description "Required for Veeam Backup & Replication"
-Group "Veeam Networking"
}
</code>

===== 3. Verification =====
You can verify the rules are active by running this command:

<code powershell>
Get-NetFirewallRule -Group "Veeam Networking" | Select-Object DisplayName, Enabled, Direction
</code>

<WRAP center round info 60%>
Note: If your environment is a Workgroup, ensure you have also added the Veeam server to the host's ''TrustedHosts'' list.
</WRAP>