====== Veeam Firewall Configuration for Hyper-V ======
To allow Veeam Backup & Replication to manage and back up a Hyper-V host, you must open specific ports on the target Hyper-V host.
===== 1. Required Ports for Veeam & Hyper-V =====
^ Port(s) ^ Protocol ^ Purpose ^
| 135, 445 | TCP | RPC Endpoint Mapper & SMB (Component deployment) |
| 137-139 | UDP/TCP | NetBIOS (Naming and discovery) |
| 6160 | TCP | Veeam Installer Service |
| 6162 | TCP | Veeam Transport Service |
| 6163 | TCP | Veeam Hyper-V Integration Service |
| 2500-3300 | TCP | Data transmission channels (VBR v10+) |
| 49152-65535 | TCP | Dynamic RPC ports for WMI management |
For more details, see the official [[https://helpcenter.veeam.com/docs/vbr/userguide/used_ports.html|Veeam Used Ports Guide]].
===== 2. PowerShell Script to Open Ports =====
Run the following script as an Administrator on the Hyper-V host to automate the creation of these firewall rules:
Define port ranges and names
$VeeamPorts = @(
@{Name="Veeam RPC & SMB"; Port="135,445"; Protocol="TCP"},
@{Name="Veeam NetBIOS"; Port="137-139"; Protocol="Any"},
@{Name="Veeam Services"; Port="6160,6162,6163"; Protocol="TCP"},
@{Name="Veeam Data Transfer"; Port="2500-3300"; Protocol="TCP"},
@{Name="Veeam Dynamic RPC"; Port="49152-65535"; Protocol="TCP"}
)
foreach ($Rule in $VeeamPorts) {
$params = @{
DisplayName = $Rule.Name
Direction = "Inbound"
Action = "Allow"
Protocol = $Rule.Protocol
LocalPort = $Rule.Port
Description = "Required for Veeam Backup & Replication"
Group = "Veeam Networking"
}
New-NetFirewallRule @params
}
===== 3. Verification =====
You can verify the rules are active by running this command:
Get-NetFirewallRule -Group "Veeam Networking" | Select-Object DisplayName, Enabled, Direction
Note: If your environment is a Workgroup, ensure you have also added the Veeam server to the host's ''TrustedHosts'' list.