-
- Veteran
- Posts: 316
- Liked: 48 times
- Joined: Apr 07, 2015 1:53 pm
- Full Name: James Wilmoth
- Location: Kannapolis, North Carolina, USA
- Contact:
Firewall rule creation script
I think ideally this could be a feature request for a collection of cmdlets that can be invoked from the BNR server on itself or to remote assets in the deployment. A few times now, I have run into a situation where I want to reset the Windows firewall to default to try and eliminate a symptom, but I am loath to do that because I would have to recreate all the Veeam firewall rules. I would love to drop into Veeam's PowerShell module and invoke something like "Set-DefaultFirewallRules" or "New-DefaultFirewallRules" etc.
-
- Veeam Software
- Posts: 2010
- Liked: 669 times
- Joined: Sep 25, 2019 10:32 am
- Full Name: Oleg Feoktistov
- Contact:
Re: Firewall rule creation script
If you are talking about a programmatic implementation of the native setting for Windows firewall defaults ("Restore defaults" or "Restore default policy"), just invoke the command below:
Code: Select all
(New-Object -ComObject HNetCfg.FwPolicy2).RestoreLocalFirewallDefaults()
If you want to restore your custom rules back, combine it with export/import approach:
Code: Select all
netsh advfirewall export "C:\Temp\fwPolicy.wfw"
netsh advfirewall import "C:\Temp\fwPolicy.wfw"
Thanks!
-
- Veeam Software
- Posts: 2010
- Liked: 669 times
- Joined: Sep 25, 2019 10:32 am
- Full Name: Oleg Feoktistov
- Contact:
Re: Firewall rule creation script
Or you're talking about resetting and setting back only Veeam rules all at once?
-
- Veteran
- Posts: 643
- Liked: 312 times
- Joined: Aug 04, 2019 2:57 pm
- Full Name: Harvey
- Contact:
Re: Firewall rule creation script
Doesn't Veeam already try to do this for its Windows components? At least on install I guess...is there a way to call the same logic via powershell?
-
- Veeam Software
- Posts: 2010
- Liked: 669 times
- Joined: Sep 25, 2019 10:32 am
- Full Name: Oleg Feoktistov
- Contact:
Re: Firewall rule creation script
Yes, you can change management port for each server component:
Code: Select all
# Replace <HostName> with the name of the managed server
$server = Get-VBRServer -Name "<HostName>"
$physHost = $server.GetPhysicalHost()
$components = $physHost.GetComponents()
$port = 6161
$components[0].SetMgmtPort($port)
However, I believe James is asking about a possibility to operate over Veeam-specific firewall rules with a collection of custom cmdlets.
-
- Veteran
- Posts: 316
- Liked: 48 times
- Joined: Apr 07, 2015 1:53 pm
- Full Name: James Wilmoth
- Location: Kannapolis, North Carolina, USA
- Contact:
Re: Firewall rule creation script
Apologies, I must not have been clear. Yes, I mean only the Veeam rules. I want to be able to reset the Windows firewall which will clear all non-standard rules. Then I would like to invoke a quick Veeam cmdlet to recreate the Veeam-specific rules.
-
- Veeam Software
- Posts: 2010
- Liked: 669 times
- Joined: Sep 25, 2019 10:32 am
- Full Name: Oleg Feoktistov
- Contact:
Re: Firewall rule creation script
James, I noted your feature request. However, it can be written outside Veeam Snap-in.
Let me see if I can write a wrapper for that. Stay tuned. Oleg
-
- Lurker
- Posts: 1
- Liked: never
- Joined: Aug 19, 2020 4:29 pm
- Contact:
Re: Firewall rule creation script
Hi,
Yesterday I opened a call #04340072 for the same question. I really need this feature, too.
In the GUI of Server 2019 the firewall shows a reset button when rules are manually added to the firewall...
After pushing the button, the Windows firewall will reset the rules to the installation state.
After installation of Veeam B&R 10 the FW rules will be fine, but now we have no rules for Veeam anymore.
-
- Veteran
- Posts: 316
- Liked: 48 times
- Joined: Apr 07, 2015 1:53 pm
- Full Name: James Wilmoth
- Location: Kannapolis, North Carolina, USA
- Contact:
Re: Firewall rule creation script
I went ahead and created my own. See code below.
-
- Veteran
- Posts: 316
- Liked: 48 times
- Joined: Apr 07, 2015 1:53 pm
- Full Name: James Wilmoth
- Location: Kannapolis, North Carolina, USA
- Contact:
Re: Firewall rule creation script
Code: Select all
$seconds = 30
Write-Host "Please reset the firewall to default now. Counting down from " -NoNewLine
do {
Start-Sleep -Seconds 1
Write-Host "$seconds " -NoNewLine
} while($seconds-- -gt 0)
Write-Host "..."
## INBOUND RULES
[System.Collections.ArrayList]$rules = @()
## SolarWinds
<# You can add/replace here any existing firewall rules that your remote access tool(s)
need #>
$params = @{
DisplayName = "NableUpdateService";
Enabled = 'True';
Action = "Allow";
Direction = "Inbound";
Protocol = "TCP";
LocalPort = 15000;
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Take Control Agent - [N-Central] - TCP";
Description = "Take Control Agent - [N-Central]";
Enabled = 'True';
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Take Control Agent - [N-Central] - UDP";
Description = "Take Control Agent - [N-Central]";
Enabled = 'True';
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe";
Protocol = "UDP";
Profile = "Any";
}
$rules.Add($params) > $Null
## Veeam
<# These rules are the ones I found Veeam had created on a Backup & Replication v10 server, standard install.
You may need to adjust this list as needed according to your rules. #>
$params = @{
DisplayName = "Veeam Backup Management Service (In)";
Description = "Inbound rule for Veeam Backup Management Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Backup Remote PowerShell Manager (In)";
Description = "Inbound rule for Veeam Backup Remote PowerShell Manager";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.PSManager.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Backup Secure Communication (In)";
Description = "Inbound rule for secure connections between Veeam Backup & Replication components";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Protocol = "TCP";
LocalPort = 9401
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Backup UI Server (In)";
Description = "Inbound rule for Veeam Backup UI Server";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.UIServer.exe";
Protocol = "TCP";
LocalPort = 9396;
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Backup VSS Integration Service (In)";
Description = "Inbound rule for Veeam Backup VSS Integration Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup File System VSS Integration\VeeamFilesysVssSvc.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Broker Service (In)";
Description = "Inbound rule for Veeam Broker Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.BrokerService.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Catalog Service (In)";
Description = "Inbound rule for Veeam Catalog Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\Veeam.Backup.CatalogDataService.exe";
Protocol = "TCP";
LocalPort = 9393;
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Cloud Connect Service (In)";
Description = "Inbound rule for Veeam Cloud Connect Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.CloudService.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Data Mover (In)";
Description = "Inbound rule for Veeam Data Mover included with Veeam Backup and Replication";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\WinAgent\VeeamAgent.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Data Mover (Veeam Catalog Service) (In)";
Description = "Inbound rule for Veeam Data Mover included with Veeam Catalog Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\WinAgent\VeeamAgent.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Data Mover (Veeam Transport Service) (In)";
Description = "Inbound rule for Veeam Data Mover included with Veeam Transport Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files (x86)\Veeam\Backup Transport\x86\VeeamAgent.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Data Mover x64 (Veeam Transport Service) (In)";
Description = "Inbound rule for Veeam Data Mover x64 included with Veeam Transport Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files (x86)\Veeam\Backup Transport\x64\VeeamAgent.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Distribution Service (In)";
Description = "Inbound rule for Veeam Distribution Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Veeam Distribution Service\Veeam.Backup.Agent.ConfigurationService.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Guest Interaction Proxy (In)";
Description = "Inbound rule for Veeam Guest Interaction Proxy";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Installer Service (Veeam Backup and Replication) (In)";
Description = "Inbound rule for Veeam Installer Service included with Veeam Backup and Replication";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Windows\Veeam\Backup and Replication\VeeamDeploymentSvc.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Mount Service (In)";
Description = "Inbound rule for Veeam Mount Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Common Files\Veeam\Backup and Replication\Mount Service\Veeam.Backup.MountService.exe";
Protocol = "TCP";
LocalPort = 6170;
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Traffic Redirector (In)";
Description = "Inbound rule for Veeam Traffic Redirector included with Veeam Backup & Replication";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\VeeamNetworkRedirector.exe";
Protocol = "TCP";
LocalPort = 6170;
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Traffic Redirector (Veeam Backup & Replication console) (In)";
Description = "Inbound rule for Veeam Network Traffic included with Veeam Backup & Replication console";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Console\VeeamNetworkRedirector.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Transport Service (In)";
Description = "Inbound rule for Veeam Transport Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam vPower NFS Service (In)";
Description = "Inbound rule for Veeam vPower NFS Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files (x86)\Veeam\vPowerNFS\VeeamNFSSvc.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam.Backup.Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe";
Protocol = "UDP";
LocalPort = "Any";
RemotePort = "Any";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam.Backup.Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe";
Protocol = "TCP";
LocalPort = "Any";
RemotePort = "Any";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "VeeamAgent";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\WinAgent\VeeamAgent.exe";
Protocol = "UDP";
LocalPort = "Any";
RemotePort = "Any";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "VeeamAgent";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Inbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\WinAgent\VeeamAgent.exe";
Protocol = "TCP";
LocalPort = "Any";
RemotePort = "Any";
Profile = "Any";
}
$rules.Add($params) > $Null
## OUTBOUND RULES
$params = @{
DisplayName = "Veeam Backup Management Service (Out)";
Description = "Outbound rule for Veeam Backup Management Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Backup Remote PowerShell Manager (Out)";
Description = "Outbound rule for Veeam Backup Remote PowerShell Manager";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.PSManager.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Backup Secure Communication (Out)";
Description = "Outbound rule for secure connections between Veeam Backup & Replication components";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Protocol = "TCP";
LocalPort = 9401;
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Backup UI Server (Out)";
Description = "Outbound rule for Veeam Backup UI Server";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.UIServer.exe";
Protocol = "TCP";
LocalPort = 9396;
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Backup VSS Integration Service (Out)";
Description = "Outbound rule for Veeam Backup VSS Integration Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup File System VSS Integration\VeeamFilesysVssSvc.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Broker Service (Out)";
Description = "Outbound rule for Veeam Broker Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.BrokerService.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Catalog Service (Out)";
Description = "Outbound rule for Veeam Catalog Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\Veeam.Backup.CatalogDataService.exe";
Protocol = "TCP";
LocalPort = 9393;
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Cloud Connect Service (Out)";
Description = "Outbound rule for Veeam Cloud Connect Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.CloudService.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Data Mover (Out)";
Description = "Outbound rule for Veeam Data Mover included with Veeam Backup and Replication";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\WinAgent\VeeamAgent.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Data Mover (Veeam Catalog Service) (Out)";
Description = "Outbound rule for Veeam Data Mover included with Veeam Catalog Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup Catalog\WinAgent\VeeamAgent.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Data Mover (Veeam Transport Service) (Out)";
Description = "Outbound rule for Veeam Data Mover included with Veeam Transport Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files (x86)\Veeam\Backup Transport\x86\VeeamAgent.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Data Mover x64 (Veeam Transport Service) (Out)";
Description = "Outbound rule for Veeam Data Mover x64 included with Veeam Transport Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files (x86)\Veeam\Backup Transport\x64\VeeamAgent.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Distribution Service (Out)";
Description = "Outbound rule for Veeam Distribution Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Veeam Distribution Service\Veeam.Backup.Agent.ConfigurationService.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Guest Interaction Proxy (Out)";
Description = "Outbound rule for Veeam Guest Interaction Proxy";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Installer Service (Veeam Backup and Replication) (Out)";
Description = "Outbound rule for Veeam Installer Service included with Veeam Backup and Replication";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Windows\Veeam\Backup and Replication\VeeamDeploymentSvc.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Management Agent Configurator port (Out)";
Description = "Outbound rule for Veeam Management Agent Configurator";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Availability Console\CommunicationAgent\Veeam.MBP.AgentConfigurator.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Management Agent port (Out)";
Description = "Outbound rule for Veeam Management Agent";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Availability Console\CommunicationAgent\Veeam.MBP.Agent.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Mount Service (Out)";
Description = "Outbound rule for Veeam Mount Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Common Files\Veeam\Backup and Replication\Mount Service\Veeam.Backup.MountService.exe";
Protocol = "TCP";
LocalPort = 6170;
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Traffic Redirector (Out)";
Description = "Outbound rule for Veeam Traffic Redirector included with Veeam Backup & Replication";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Backup\VeeamNetworkRedirector.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Traffic Redirector (Veeam Backup & Replication console) (Out)";
Description = "Outbound rule for Veeam Network Traffic included with Veeam Backup & Replication console";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files\Veeam\Backup and Replication\Console\VeeamNetworkRedirector.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam Transport Service (Out)";
Description = "Outbound rule for Veeam Transport Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
$params = @{
DisplayName = "Veeam vPower NFS Service (Out)";
Description = "Outbound rule for Veeam vPower NFS Service";
Enabled = 'True';
Group = "Veeam Networking";
Action = "Allow";
Direction = "Outbound";
Program = "C:\Program Files (x86)\Veeam\vPowerNFS\VeeamNFSSvc.exe";
Protocol = "TCP";
Profile = "Any";
}
$rules.Add($params) > $Null
## Add the firewall rules
<# This is just a simple loop that creates the rules again. #>
$rules | % {
Write-Host $("{0} {1}" -f $($_.DisplayName), $($_.LocalPort))
New-NetFirewallRule @_
}
## Failsafe
<# This failsafe section will disable the firewall after 30 seconds so you can get back in in the unlikely event
you missed adding a rule that your remote access tool(s) need. #>
$seconds = 30
Write-Host "Please confirm if you have access by pressing CTRL+C to break out of this script. If you do not, so you can get back in, we will disable the firewall in " -NoNewLine
do {
Start-Sleep -Seconds 1
Write-Host "$seconds " -NoNewLine
} while($seconds-- -gt 0)
Write-Host "..."
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
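An alternative to maintaining the rule list by hand, as an added example that is not part of the original posts: snapshot the rules in the "Veeam Networking" group before the reset, recreate only the missing ones afterwards, and report any that are still absent instead of disabling the firewall. The function names and the snapshot file name are hypothetical; the group name and the C:\Temp folder are taken from the thread.

```powershell
# Added example, not code from the thread. Run elevated.
# Assumptions: the rule group name is taken from the script above; the function
# names and the snapshot file name are hypothetical.

function Export-FirewallRuleGroup {
    # BEFORE the reset: snapshot every rule in one group to a JSON file.
    param([string]$Group = 'Veeam Networking', [Parameter(Mandatory)][string]$Path)
    $specs = foreach ($rule in Get-NetFirewallRule -Group $Group -ErrorAction Stop) {
        $port = $rule | Get-NetFirewallPortFilter
        $app  = $rule | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            DisplayName = $rule.DisplayName
            Description = $rule.Description
            Group       = $rule.Group
            Enabled     = "$($rule.Enabled)"
            Action      = "$($rule.Action)"
            Direction   = "$($rule.Direction)"
            Profile     = "$($rule.Profile)"
            Program     = $app.Program
            Protocol    = $port.Protocol
            LocalPort   = @($port.LocalPort)
            RemotePort  = @($port.RemotePort)
        }
    }
    ConvertTo-Json -InputObject @($specs) -Depth 3 | Set-Content -Path $Path -Encoding UTF8
    return @($specs).Count
}

function Test-FirewallRulePresent {
    # A rule counts as present when name, direction and protocol all match,
    # because the same display name is used for separate TCP and UDP rules.
    param([Parameter(Mandatory)]$Spec)
    $match = Get-NetFirewallRule -DisplayName $Spec.DisplayName -ErrorAction SilentlyContinue |
        Where-Object {
            "$($_.Direction)" -eq $Spec.Direction -and
            ($_ | Get-NetFirewallPortFilter).Protocol -eq $Spec.Protocol
        }
    return [bool]$match
}

function Import-FirewallRuleGroup {
    # AFTER the reset: recreate missing rules, then return the names still absent.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Group = 'Veeam Networking', [Parameter(Mandatory)][string]$Path)
    $specs = Get-Content -Path $Path -Raw | ConvertFrom-Json
    foreach ($spec in $specs) {
        # The snapshot decides which ports get opened, so treat it as sensitive
        # input and refuse entries that are not in the expected group.
        if ($spec.Group -ne $Group) {
            Write-Warning "Skipped '$($spec.DisplayName)': group '$($spec.Group)'"
            continue
        }
        if (Test-FirewallRulePresent -Spec $spec) { continue }
        # Build splat parameters; empty values and 'Any' are the cmdlet defaults.
        $params = @{}
        foreach ($prop in $spec.PSObject.Properties) {
            $value = @($prop.Value) | Where-Object { $_ -and $_ -ne 'Any' }
            if ($value) { $params[$prop.Name] = $value }
        }
        if (-not $params.Program -and -not $params.LocalPort) {
            Write-Warning "'$($spec.DisplayName)' is bound to neither a program nor a port"
        }
        if ($PSCmdlet.ShouldProcess($spec.DisplayName, 'Create firewall rule')) {
            New-NetFirewallRule @params | Out-Null
        }
    }
    return @($specs | Where-Object { $_.Group -eq $Group -and
            -not (Test-FirewallRulePresent -Spec $_) } | ForEach-Object DisplayName)
}

# Usage (paths are placeholders):
#   Export-FirewallRuleGroup -Path 'C:\Temp\veeam-fw.json'
#   ...reset the firewall to defaults...
#   Import-FirewallRuleGroup -Path 'C:\Temp\veeam-fw.json' -WhatIf   # preview
#   Import-FirewallRuleGroup -Path 'C:\Temp\veeam-fw.json'           # returns missing names
```

Keep the snapshot file writable by administrators only, since its contents decide which inbound and outbound rules are created.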