Hello!
I work in a highly secured, micro-segmented on-prem environment that is migrating to GCP. We are restricted to PCI standards, as well as others, thus EVERYTHING is blocked by default and only pinholes are poked to the firewalls to get to what is required. --As it should be.
Unfortunately, the User Guide documentation (https://helpcenter.veeam.com/docs/vbgcp ... tml?ver=10) seemed to NOT include all of the details of needed rules/destinations... For instance, logs were showing the appliance attempting to contact api.snapcraft.io, which is not included in the details of firewall rules required.
Would anyone be willing to share the firewall rules syntax applied to their functioning Veeam for GCP deployment?
Much appreciated in advance.
-
ndymond
- Influencer
- Posts: 10
- Liked: 2 times
- Joined: Mar 11, 2021 9:34 pm
- Full Name: Nick Dymond
- Contact:
-
Vitaliy S.
- VP, Product Management
- Posts: 27120
- Liked: 2720 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Firewall Ruleset
Hi Nick,
Thanks!
We have brought this question internally, and once our QA team has the required info, we will update the thread (might take a while).ndymond wrote:Would anyone be willing to share the firewall rules syntax applied to their functioning Veeam for GCP deployment?
Yes, this is the appliance trying to reach out to this address, not the VB itself.ndymond wrote:For instance, logs were showing the appliance attempting to contact api.snapcraft.io, which is not included in the details of firewall rules required.
Thanks!
-
ndymond
- Influencer
- Posts: 10
- Liked: 2 times
- Joined: Mar 11, 2021 9:34 pm
- Full Name: Nick Dymond
- Contact:
Re: Firewall Ruleset
After a couple of weeks of figuring out the nuances of the implementation, upgrading the Appliance and finding deficits of the current implementation documentation we've figure out a couple things to note..
Firewall ports that were required for our deployment were:
api.snapcraft.com 443 (as the original post outlines) was required for the hosting GCP Project's Appliance deployment << needed to get the instance to finalize the initilaization of the Appliance
packages.microsoft.com 443 << needed to update the OS from the WebUI.
Hope this helps someone in the future.
Firewall ports that were required for our deployment were:
api.snapcraft.com 443 (as the original post outlines) was required for the hosting GCP Project's Appliance deployment << needed to get the instance to finalize the initilaization of the Appliance
packages.microsoft.com 443 << needed to update the OS from the WebUI.
Hope this helps someone in the future.
-
Alec King
- VP, Product Management
- Posts: 1446
- Liked: 362 times
- Joined: Jan 01, 2006 1:01 am
- Contact:
Re: Firewall Ruleset
Following up with a KB article to assist with security, firewall etc -
KB4157: How to configure connections required for Veeam Backup for Google Cloud Platform in highly secured environments
KB4157: How to configure connections required for Veeam Backup for Google Cloud Platform in highly secured environments
Who is online
Users browsing this forum: No registered users and 2 guests